gnupg 'signing server'? Looking for advice on key management/security
Daniel Cerqueira
dan.list at brilhante.top
Mon Nov 13 12:46:19 CET 2023
Jacob Bachmeyer <jcb62281 at gmail.com> writes:
> The problem here is that, while the key never leaves the smartcard,
> the /entire/ device that accesses the smartcard must be trusted, as a
> backdoor on the device could steal plaintext or submit extra items for
> signing. A PIN does not solve the problem, since the PIN is entered
> on the device, which could be backdoored to store the PIN and submit
> it along with Mallory's messages for the smartcard to sign---and the
> card will sign it, since the PIN checks out...
>
> Smartcards make silently duplicating the key difficult (supposedly
> infeasible) but do not solve the general problems with
> network-connected devices.
If you don't trust pinentry, maybe you should also not trust gnupg. They
are from the same project (gnupg.org).
I believe it is best for you not to use gnupg and pinentry, until you
review it.