> On 02/05/2013 01:04 PM, Peter Lebbing wrote:
>> While I agree with the broad sentiment, I'm not so sure a certain
>> amount of damage control is impossible with what he/she proposes. If
>> you have a device with small attack surface[1] that shows you the
>> plaintext you're about to sign before signing it *with that device*,
>> you can at least prevent making bogus signatures. That still means
>> you're in trouble when your PC is under control of an attacker, but
>> you can't be coerced to issue false signatures. That's certainly
>> something.
>
> If you don't trust the PC that GnuPG is running on, don't run GnuPG on
> that system. (Or anything else that requires trust, for that matter.)

I have no reason to believe my system is compromised. I take security very seriously. Otherwise I wouldn't bother posting here. :)

That sounds like an oxymoron. How can I be REALLY sure my system isn't compromised? Mail clients and browsers are a major attack surface, and a device exposed to the internet cannot be as secure as a small single-purpose device.

> It makes no sense to me to believe that it's somehow possible to have a
> dongle that you can plug into a compromised PC to make it safe (or
> safer) to sign with.

I think if designed right, it works. This implies the compromised machine cannot attack the text-reading and gpg-signing device.

> If you believe the PC is compromised, cut it out
> of your process completely. There is no other realistic option here
> that I can see.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users