Re: Limit access to unlocked OpenPGP SmartCard?
Well, I think I could extend my SPR332 [mod][1]:

* Add a push-button that one has to press to close the C7 circuit for I/O. Without that button pressed, the smart card cannot communicate with the reader. That means, for every operation, one would need to hold that button, kind of – but not as elegantly – as with a YubiKey.

* Using some electronics detect when the green PIN pad ✓-button is pressed to confirm PIN entry on the reader. Let it trigger a timer that cuts I/O for good after a few minutes.

Very likely there are some issues that I don’t see at the moment.

[1]: https://github.com/feklee/0.332

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Limit access to unlocked OpenPGP SmartCard?
Jacob Bachmeyer via Gnupg-users writes:

>> After I unlock an OpenPGP SmartCard V2.1 in my SPR332 [mod][1], […]
>
> Does your smartcard reader have its own keypad for entering the PIN?

yes
Re: Limit access to unlocked OpenPGP SmartCard?
Felix E. Klee wrote:

> After I unlock an OpenPGP SmartCard V2.1 in my SPR332 [mod][1], I can use it to decrypt as many files as I want. While this is convenient, it is not great if the system is compromised and I forget to unplug the card reader. Is there any way to limit how long the OpenPGP SmartCard remains unlocked?

Does your smartcard reader have its own keypad for entering the PIN? If not and you are concerned about a possible system compromise, you have bigger problems, like the possibility for your smartcard PIN to be stolen as you enter it. If you then leave the card in the reader, Mallory can abuse it at his leisure. Even if you only insert the card when you intend its use, Mallory could plant malware that waits for the card to be inserted, then abuses it.

-- Jacob
Re: Limit access to unlocked OpenPGP SmartCard?
On Thu, 27 Jan 2022 at 14:54, Matthias Apitz wrote:

> gpgconf --reload scdaemon

Gotta try that, maybe execute it with a timer, better than nothing. Best would be if the card itself could be configured to only do a certain number of operations after being unlocked. I think everything else is pretty much unsafe as well.
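A sketch of the "execute it with a timer" idea from the message above, as an added example that is not part of the original thread: a watchdog that runs the quoted `gpgconf --reload scdaemon` a fixed time after the first card use. The stamp file, `RELOCK_CMD` and the function names are assumptions made for this sketch; `date +%s` is assumed to be available (GNU and BSD `date` both support it).

```shell
#!/bin/sh
# Added example: re-lock an OpenPGP card a fixed time after first use.
# RELOCK_CMD, STAMP and all function names are made up for this sketch.
RELOCK_CMD=${RELOCK_CMD:-"gpgconf --reload scdaemon"}
STAMP=${STAMP:-"${XDG_RUNTIME_DIR:-$HOME}/.card-unlocked"}

# Note the time of the first card use since the last re-lock.
# Later calls leave the stamp alone, so the deadline cannot be pushed back.
mark_unlocked() {
    [ -f "$STAMP" ] || date +%s > "$STAMP"
}

# Re-lock if the card has been unlocked for at least $1 seconds.
# Returns 0 when the re-lock command ran successfully, 1 otherwise.
relock_if_expired() {
    limit=$1
    [ -f "$STAMP" ] || return 1
    unlocked_at=$(cat "$STAMP")
    # Fail closed: an empty or non-numeric stamp counts as long expired.
    case $unlocked_at in ''|*[!0-9]*) unlocked_at=0 ;; esac
    now=$(date +%s)
    [ $((now - unlocked_at)) -ge "$limit" ] || return 1
    $RELOCK_CMD && rm -f "$STAMP"
}

# Wrapper to use in place of plain gpg, so every card use is recorded.
gpg_card() {
    mark_unlocked
    gpg "$@"
}

# Poll forever; $1 = limit in seconds, $2 = poll interval in seconds.
watch_card() {
    while :; do
        relock_if_expired "$1" || :
        sleep "${2:-10}"
    done
}

# Run as "relock.sh --watch 300" to start the watchdog.
if [ "${1:-}" = "--watch" ]; then
    watch_card "${2:-300}"
fi
```

The watchdog runs with the user's own rights, so code already running as that user can stop it; it covers the forgotten-card case, not a live compromise.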
Limit access to unlocked OpenPGP SmartCard?
After I unlock an OpenPGP SmartCard V2.1 in my SPR332 [mod][1], I can use it to decrypt as many files as I want. While this is convenient, it is not great if the system is compromised and I forget to unplug the card reader.

Is there any way to limit how long the OpenPGP SmartCard remains unlocked?

[1]: https://github.com/feklee/0.332