Communication with card reader encrypted?
Felix E. Klee
felix.klee at inka.de
Sun Aug 26 11:12:32 CEST 2018
On Sun, Aug 26, 2018 at 10:41 AM, Peter Lebbing
<peter at digitalbrains.com> wrote:
> The OpenPGP smartcard and generic smartcard protocols do define
> "Secure Messaging", but I don't think this is commonly used for cabled
> OpenPGP smartcards.
Would be interesting to find out.
> I think you'll need to trust the cable anyway,
Well, if the cable is soldered to the reader, then it’s much harder to
tamper with. Swapping a replaceable cable requires much less effort.
Concerning key loggers for comparison: It is possible that the [attack
at TAZ] would not have happened had the attacker to tamper with the
victim’s keyboards, their computers, or their software.
I would not be surprised if you can find USB cables on Alibaba that
include sniffers and multiple GBs of flash memory for logging
everything, for debugging of course. ;)
More information about the Gnupg-users