On Sun, 5 Jan 2014 16:18, sam.ku...@uclmail.net said:

>> The question is whether this is really helpful. Yes, it protects your
>> PIN but it does not protect the use of your decryption key.
>
> Please could you elaborate?

To make use of the decryption key the smartcard first requires that a VERIFY command is sent to the card. This is what asks for the PIN. After a successful verification of the PIN the card allows the use of the PSO Decrypt command until a power down or a reset operation. Thus an attacking malware only needs to trick you into decrypting an arbitrary message and is then free to use the smartcard without having the reader ask you again for a PIN.

For the signature key we have this "forcesig" command which switches the card into a mode which requires a VERIFY command before each PSO Sign command. There is also the signature counter to tell you how often the signature key has been used. But for the other two keys we don't have such features.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
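
The access rules described in the message above, as a small Python model added here for illustration. It is not GnuPG or card firmware code; the class, method and helper names, the split into two verification states, and the constructed PIN used with it are assumptions of this example.

```python
class CardModel:
    """Toy model of the access rules described above (not real card firmware)."""

    def __init__(self, pin, forcesig=False):
        self._pin = pin
        self.forcesig = forcesig      # True: VERIFY needed before each PSO Sign
        self.sig_counter = 0          # counts uses of the signature key only
        self._sign_ok = False         # verification state for the signature key
        self._other_ok = False        # verification state for the other keys

    def verify(self, pin, for_signing=False):
        """VERIFY: the only step at which the PIN is requested."""
        ok = (pin == self._pin)
        if for_signing:
            self._sign_ok = ok
        else:
            self._other_ok = ok
        return ok

    def reset(self):
        """Power down or reset clears every verification state."""
        self._sign_ok = self._other_ok = False

    def pso_decrypt(self, ciphertext):
        if not self._other_ok:
            raise PermissionError("VERIFY required")
        return b"plaintext-of:" + ciphertext   # stand-in, no real crypto

    def pso_sign(self, data):
        if not self._sign_ok:
            raise PermissionError("VERIFY required")
        self.sig_counter += 1
        if self.forcesig:
            self._sign_ok = False     # next signature needs a fresh VERIFY
        return b"signature-over:" + data


def allowed_uses(op, attempts):
    """Count how many of `attempts` calls succeed without a further VERIFY."""
    done = 0
    for i in range(attempts):
        try:
            op(b"msg%d" % i)
            done += 1
        except PermissionError:
            break
    return done
```

With one PIN entry the model allows every decryption attempt until `reset()`, while a card in forcesig mode allows exactly one signature and records it in `sig_counter`; the decryption path has no comparable counter to audit.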