On Tue, 7 Jan 2014 16:28, sam.ku...@uclmail.net said:

> "PSO:DEC" but does not define it. That document also mentions
> "PSO:DECRYPT" but does not define it. And finally, that document
> defines "PSO: DECIPHER". Are these three terms synonyms, or do they

I guess so.

> 2. I assume that your "PSO Decrypt" means the same as "PSO:Decrypt" in
> the specification document mentioned above. Is this assumption
> correct?

Yep.

> 3. When you say, "a power down or a reset operation", do you mean (a)
> "the card is powered down or reset", or (b) "the host computer is
> powered down or reset", or (c) something else?

With "power down" I mean that you remove power from the card. Thus the
next time you access the card it will do a cold start. By reset I mean
a couple of commands. For example selecting a different application or
selecting again the OpenPGP app should reset the card state. But you
better check the specs.

>> an attacking malware only needs to trick you [into decrypting] an arbitrary
>> message and is then free to use the smartcard without having the reader
>> ask you again for a PIN.
>
> That is somewhat disappointing to me, although perhaps that is because
> my knowledge is limited and I am simply unaware of a good reason for
> this behaviour.

Without that you won't like to read a bunch of encrypted mails.

> the card from the reader, or both), would cause subsequent malicious
> attempts to call PSO Decrypt, to result in failure (at least until the

Right. Most likely the PIN retry counter goes down until the card is
locked. Thus attacking malware may easily DoS your card - however
malware is commonly not interested in getting noticed by the user.

I heard that some pinpad equipped readers have filters for the VERIFY
command so that the HOST may not issue a plain VERIFY command to bypass
the pinpad.

> I can't find the string "PSO Sign" in [1]. Are you using it
> synonymously with "PSO: COMPUTE DIGITAL SIGNATURE" (and/or "PSO:CDS")?

Yep. Apologies for my non-standard compliant terms.

> I can't find the string "forcesig" in [1]. Please can you tell me
> where it is documented?

See the card HOWTO or try gpg --card-edit, admin, help.


Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users