> On 06/02/13 11:37, Hauke Laging wrote: >> That seems easy to me: Except for small amounts (secure device's display >> capacity) of very simple data (plain text) [...] > > Seems to me to be enough to do what OP requested: signing e-mails he/she > wrote.
Yes. > It indeed seems easy to me that this won't work for binary data, I left > that > implied. A solution that works for signing e-mails sounds like a viable > solution. Just like the USB device the OP linked to only works for signing > an > electronic bank transfer. Yes. > Obviously you shouldn't use the same signing key for other duties because > those > other duties open up different methods to get an e-mail falsely signed. > Still, > not a deal breaker. Yes. > I'm not suggesting anybody build this solution. I'm arguing on the > technical > merits, not the economical ones. Robert suggested it is impossible or > close to > that. I don't see it that way, but maybe I'm missing some interesting > attack > vector. And that would be interesting to hear. > >> How are you going to do that with a PDF? I didn't ask for. > You're not going to achieve that. > >> The only possibility I see is that the secure device shows you the hash >> of >> the data to be signed. > > I don't see how that would work. Or, put differently, how that would work > any > better than transferring the file to a secured system. Because I can't > calculate the hash easily using pen and paper, I really need to be seeing > something other than the hash before I can be sure it's the data I wanted > to > sign. Even if hashes could be calculated by pen and paper, it seems like > it's an > unworkable solution. You would also need to be able to interpret all the > binary > data you're calculating the hash over, or else you still don't know what > you're > signing. The PDF could contain a vector image that renders to text saying > I owe > you ⬠1000. I would need to be able to create that vector image in my > head > before I can interpret the binary data that represents it. This just gets > more > insane the more you think about it. > > But it is really /way/ out of the scope of signing your e-mails. > > Peter. > > -- > I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. > You can send me encrypted mail if you want some privacy. > My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> > _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users