What are some threats against which OpenPGP smartcards are useful?

Andrew Gallagher andrewg at andrewg.com
Wed Jan 8 13:51:58 CET 2020


On 07/01/2020 22:58, Christoph Groth wrote:
> How about the alternative of keeping small USB keycards (like a Yubikey
> nano) permanently plugged into the machines that you are using?
> Assuming that you trust the keycards to keep their secrets, wouldn’t
> that provide at least the advantage of a much shorter passphrase?  Are
> there any security disadvantages of such a scheme?

That effectively uses the smartcard as a hardware security module, which
does have some advantages. The disadvantages are that if an attacker has
code execution access to your machine they still have full access to use
the key material. However, they cannot exfiltrate that key material, so
any malfeasance must be performed on your machine directly, which makes
it noisy. That may or may not be a deterrent, depending on your threat
model. It is more secure than having your private keys on disk, it just
may not be sufficiently secure.

-- 
Andrew Gallagher
