Limit access to unlocked OpenPGP SmartCard?

Jacob Bachmeyer jcb62281 at gmail.com
Fri Jan 28 03:28:55 CET 2022


Felix E. Klee wrote:
> After I unlock an OpenPGP SmartCard V2.1 in my SPR332 [mod][1], I can
> use it to decrypt as many files as I want.  While this is convenient, it
> is not great if the system is compromised and I forget to unplug the
> card reader.
>
> Is there any way to limit how long the OpenPGP SmartCard remains
> unlocked?
>   

Does your smartcard reader have its own keypad for entering the PIN?  If 
not and you are concerned about a possible system compromise, you have 
bigger problems, like the possibility for your smartcard PIN to be 
stolen as you enter it.  If you then leave the card in the reader, 
Mallory can abuse it at his leisure.  Even if you only insert the card 
when you intend its use, Mallory could plant malware that waits for the 
card to be inserted, then abuses it.


-- Jacob



More information about the Gnupg-users mailing list