Communication with card reader encrypted?

Felix E. Klee felix.klee at
Mon Aug 27 17:09:01 CEST 2018

Thanks for clarification!

On Mon, Aug 27, 2018 at 11:51 AM, Werner Koch <wk at> wrote:
> The connection between the card reader and the host is not encrypted
> because that would require a key setup first and that would also be
> subject to key logging.

The host could provide a public encryption key to the card reader. Of

  * With a tampered USB cable, there still would be attacks possible,
    though different ones. That is, unless the reader can know the
    identify of the host, which would again require a priori exchange,
    so nothing gained.

  * This is very likely not part of the existing API (PC/SC?).

More information about the Gnupg-users mailing list