gnupg 'signing server'? Looking for advice on key management/security
Jacob Bachmeyer
jcb62281 at gmail.com
Mon Nov 13 02:46:42 CET 2023
Daniel Cerqueira via Gnupg-users wrote:
> Jeff Schmidt <jsbiff at weldingengineering.com> writes:
>
> [...]
> You may want to consider using an OpenPGP smartcard (for example, a
> Yubikey). Seems that you are a good fit.
>
> Using a OpenPGP smartcard, the private key never leaves the smartcard.
> The smartcard can also be used on a smartphone that has NFC support.
>
The problem here is that, while the key never leaves the smartcard, the
/entire/ device that accesses the smartcard must be trusted, as a
backdoor on the device could steal plaintext or submit extra items for
signing. A PIN does not solve the problem, since the PIN is entered on
the device, which could be backdoored to store the PIN and submit it
along with Mallory's messages for the smartcard to sign---and the card
will sign it, since the PIN checks out...
Smartcards make silently duplicating the key difficult (supposedly
infeasible) but do not solve the general problems with network-connected
devices.
-- Jacob
More information about the Gnupg-users
mailing list