Re: Feature request for future OpenPGP card: force PIN

2013-02-09 Thread Werner Koch
On Fri,  8 Feb 2013 15:18, pe...@digitalbrains.com said:

> I have an SCM SPR 532 reader with pinpad; I thought the host could not get at
> the PIN when entered on the pinpad? The way I understood it, the host sends a

That is right.  However, if for other reasons the PIN is known to the
host (used without pinpad, spyware utilizing the microphone or another
side channel, bugged reader firmware), the host will be able to use the
smartcard without you noticing it.  See the various attacks on point of
sale terminals for such attacks.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Feature request for future OpenPGP card: force PIN

2013-02-08 Thread Peter Lebbing
Hello Werner and list,

I'd like to do a feature request for a new version of the OpenPGP card, whenever
such a new version would be designed.

The current OpenPGP cards have a force signature PIN flag which can be set so
only one signature is issued with one PIN entry. I'd like to request similar
flags for the other two keys on the card, the encryption key and the
authentication key.

To me, it seems that the rationale for such a flag on the authentication key is
the same as for the signature key; both are a form of signatures. However, I'm
not familiar with the rationale for adding the force signature PIN flag.

I think there's an obvious use case for not setting the force PIN flag on
decryption: if you're searching your mail archive for a certain string, and you
have lots of encrypted mails, not forcing the PIN will mean you only need to
enter the PIN once for the search. But offering the option to force the PIN for
each decryption just means people with this use case will not set the flag; it
does not get in their way.

I don't have a mail archive with encrypted mails. To me, decryption is just as
much a once only action as signatures. So I would personally set the force
decryption PIN flag for the same reasons I set the force signature PIN flag.

It seems to me this is a simple and harmless addition, so I hope it can be
accepted on the grounds that it is useful to some, not harmful to others and not
that much work. I hope I see that right.

I regret not doing this feature request between the card v1.1 and v2.0 :).

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://digitalbrains.com/2012/openpgp-key-peter



Re: Feature request for future OpenPGP card: force PIN

2013-02-08 Thread Werner Koch
On Fri,  8 Feb 2013 11:09, pe...@digitalbrains.com said:

> the same as for the signature key; both are a form of signatures. However, I'm
> not familiar with the rationale for adding the force signature PIN flag.

That is simply a requirement due to the German law about qualified
signatures.  If someone wants to use the OpenPGP card specification to
setup a qualified signature system, this feature is needed. This is not
that I think this will ever be done, but back when we worked out the
specs it seemed to be a good idea to have such a feature.

In any case it is not a security measure because the host may simply
cache the PIN and silently do a verify command before each sign
operation.  To avoid that simple workaround, a pinpad reader which
filters the VERIFY command would be needed.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


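Editor's note: to make the "simple workaround" and the VERIFY-filtering reader from the reply above concrete, here is a small simulation I have added. It is not GnuPG or scdaemon code and not a real card; it models just enough of the OpenPGP card's VERIFY and PSO:CDS handling to show that the forced-signature-PIN flag alone does not stop a host that knows the PIN, and that a pinpad reader which drops host-originated VERIFY commands does. The APDU values are the ones the OpenPGP card specification gives as I recall them (VERIFY is INS 20 with P2 81 for PW1 in signature mode, PSO:CDS is INS 2A with P1/P2 9E 9A, the flag is the first byte of DO C4); the class names, the status word the reader answers with when it refuses a host VERIFY, and the scenario inputs are my own assumptions.

```python
"""Constructed simulation of the OpenPGP card's forced-signature-PIN flag.

Not GnuPG/scdaemon code and not a real card.  It models a card, a reader
with and without filtering of host-originated VERIFY commands, and a host
that has learned the PIN and wants to sign without the user noticing.
"""
from dataclasses import dataclass

# APDU values as given in the OpenPGP card specification (assumed; check the spec)
INS_VERIFY = 0x20
INS_PSO = 0x2A
P2_PW1_SIGN = 0x81            # VERIFY P2: PW1 in signature mode
PSO_CDS = (0x9E, 0x9A)        # PSO: COMPUTE DIGITAL SIGNATURE (P1, P2)
SW_OK = 0x9000
SW_SECURITY_NOT_SATISFIED = 0x6982
SW_PIN_WRONG = 0x63C0         # simplified; the low nibble normally carries the retry counter
SW_INS_NOT_SUPPORTED = 0x6D00


def verify_apdu(pin: bytes) -> tuple:
    return (0x00, INS_VERIFY, 0x00, P2_PW1_SIGN, pin)


def sign_apdu(digest: bytes) -> tuple:
    return (0x00, INS_PSO, PSO_CDS[0], PSO_CDS[1], digest)


@dataclass
class Card:
    pin: bytes
    force_sig_pin: bool        # first byte of DO C4 == 0x00 ("forcesig" in gpg --card-edit)
    pw1_verified: bool = False
    signatures_made: int = 0

    def transmit(self, apdu: tuple) -> int:
        _cla, ins, p1, p2, data = apdu
        if ins == INS_VERIFY and p2 == P2_PW1_SIGN:
            if data == self.pin:
                self.pw1_verified = True
                return SW_OK
            return SW_PIN_WRONG
        if ins == INS_PSO and (p1, p2) == PSO_CDS:
            if not self.pw1_verified:
                return SW_SECURITY_NOT_SATISFIED
            self.signatures_made += 1
            if self.force_sig_pin:
                self.pw1_verified = False   # one signature per PIN entry
            return SW_OK
        return SW_INS_NOT_SUPPORTED


class Reader:
    """Pinpad reader.  With filter_host_verify set it refuses VERIFY APDUs coming
    from the host, so the PIN can only be presented through the pinpad."""

    def __init__(self, card: Card, filter_host_verify: bool):
        self.card = card
        self.filter_host_verify = filter_host_verify

    def transmit_from_host(self, apdu: tuple) -> int:
        if self.filter_host_verify and apdu[1] == INS_VERIFY:
            return SW_SECURITY_NOT_SATISFIED   # assumed refusal; a real reader might prompt instead
        return self.card.transmit(apdu)

    def pinpad_verify(self, pin_typed_by_user: bytes) -> int:
        # The reader builds the VERIFY itself; the PIN never crosses the host.
        return self.card.transmit(verify_apdu(pin_typed_by_user))


def sign_silently(reader: Reader, cached_pin, attempts: int) -> int:
    """Host software that knows the PIN (no pinpad, side channel, ...) tries to
    make `attempts` signatures with no user interaction.  Returns how many it got."""
    made = 0
    for i in range(attempts):
        digest = bytes([i]) * 32   # constructed SHA-256-sized input
        sw = reader.transmit_from_host(sign_apdu(digest))
        if sw == SW_SECURITY_NOT_SATISFIED and cached_pin is not None:
            reader.transmit_from_host(verify_apdu(cached_pin))   # the "simple workaround"
            sw = reader.transmit_from_host(sign_apdu(digest))
        if sw == SW_OK:
            made += 1
    return made


def scenarios() -> dict:
    pin = b"123456"
    # 1. forcesig set, ordinary reader, PIN typed on the host once and cached by it
    plain = Reader(Card(pin, force_sig_pin=True), filter_host_verify=False)
    plain.transmit_from_host(verify_apdu(pin))
    r1 = sign_silently(plain, pin, 3)
    # 2. forcesig set, filtering pinpad reader, PIN typed on the pinpad once
    filtering = Reader(Card(pin, force_sig_pin=True), filter_host_verify=True)
    filtering.pinpad_verify(pin)
    r2 = sign_silently(filtering, pin, 3)
    # 3. forcesig NOT set, filtering reader: the verified state stays valid
    no_force = Reader(Card(pin, force_sig_pin=False), filter_host_verify=True)
    no_force.pinpad_verify(pin)
    r3 = sign_silently(no_force, pin, 3)
    return {"forcesig_plain_reader": r1,
            "forcesig_filtering_reader": r2,
            "noforce_filtering_reader": r3}


if __name__ == "__main__":
    for name, n in scenarios().items():
        print(f"{name}: {n} silent signature(s)")
```

Only the combination of the forced-signature flag on the card and a reader that refuses host-originated VERIFY commands limits the host to the one signature the user actually authorised; either measure on its own leaves a PIN-knowing host free to sign at will.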