Re: USB key form-factor smart-card readers with pinpads?

2015-03-19 Thread Sam Kuper
On 13/01/2014, Peter Lebbing pe...@digitalbrains.com wrote: On 12/01/14 00:18, Sam Kuper wrote: Again, perhaps I am wrong. But if I am not, then the use of OpenPGP cards with non-pinpad readers still makes no sense (at least, not to me). Since most readers don't filter VERIFY commands Yes,

Re: USB key form-factor smart-card readers with pinpads?

2014-01-13 Thread Peter Lebbing
On 12/01/14 00:18, Sam Kuper wrote: Again, perhaps I am wrong. But if I am not, then the use of OpenPGP cards with non-pinpad readers still makes no sense (at least, not to me). Since most readers don't filter VERIFY commands and additionally you can't force the OpenPGP smartcard to require a

Re: USB key form-factor smart-card readers with pinpads?

2014-01-12 Thread Sam Kuper
On Jan 12, 2014 3:52 AM, MFPA 2014-667rhzu3dc-lists-gro...@riseup.net wrote: Sam Kuper wrote: Yes, as I said, it could tamper with the message. But if it does that, then when a recipient attempts to verify the signature, gpg --verify will give the message, gpg: BAD signature. Not if the

Re: USB key form-factor smart-card readers with pinpads?

2014-01-11 Thread Sam Kuper
On 07/01/2014, Peter Lebbing pe...@digitalbrains.com wrote: On 07/01/14 17:27, Werner Koch wrote: See the card HOWTO or try gpg --card-edit, admin, help. Additionally, in the OpenPGP Card 2.0.1 spec, the DO with tag C4 on page 17, section 7.2.2 (VERIFY) and section 7.2.8 (PSO: COMPUTE

Re: USB key form-factor smart-card readers with pinpads?

2014-01-11 Thread Sam Kuper
On Jan 9, 2014 7:16 PM, David Tomaschik da...@systemoverlord.com wrote: if the machine you are using for crypto operations is compromised, you have lost (at least for the operations conducted while it is compromised) Perhaps I'm wrong, but I don't entirely accept this. Surely if you are

Re: USB key form-factor smart-card readers with pinpads?

2014-01-11 Thread David Tomaschik
On Sat, Jan 11, 2014 at 1:05 PM, Sam Kuper sam.ku...@uclmail.net wrote: On Jan 9, 2014 7:16 PM, David Tomaschik da...@systemoverlord.com wrote: if the machine you are using for crypto operations is compromised, you have lost (at least for the operations conducted while it is compromised)

Re: USB key form-factor smart-card readers with pinpads?

2014-01-11 Thread Sam Kuper
On 11/01/2014, David Tomaschik da...@systemoverlord.com wrote: On Sat, Jan 11, 2014 at 1:05 PM, Sam Kuper sam.ku...@uclmail.net wrote: On Jan 9, 2014 7:16 PM, David Tomaschik da...@systemoverlord.com wrote: if the machine you are using for crypto operations is compromised, you have lost (at

Re: USB key form-factor smart-card readers with pinpads?

2014-01-09 Thread Sam Kuper
On 07/01/2014, Sam Kuper sam.ku...@uclmail.net wrote: On 06/01/2014, Werner Koch w...@gnupg.org wrote: The question is whether this is really helpful. Yes, it protects your PIN That is helpful. No question about this part! Perhaps I should be clearer about why I believe it is unquestionably

Re: USB key form-factor smart-card readers with pinpads?

2014-01-09 Thread David Tomaschik
Ignoring the fact that if the machine you are using for crypto operations is compromised, you have lost (at least for the operations conducted while it is compromised), a smartcard without a PIN pad may compromise your PIN (and allow arbitrary operations while the smartcard is protected) but still

Re: USB key form-factor smart-card readers with pinpads?

2014-01-07 Thread Sam Kuper
Dear Werner, Thank you for your kind reply. On 06/01/2014, Werner Koch w...@gnupg.org wrote: The question is whether this is really helpful. Yes, it protects your PIN That is helpful. No question about this part! After a successful verification of the PIN the card allows the use of the

Re: USB key form-factor smart-card readers with pinpads?

2014-01-07 Thread Werner Koch
On Tue, 7 Jan 2014 16:28, sam.ku...@uclmail.net said: PSO:DEC but does not define it. That document also mentions PSO:DECRYPT but does not define it. And finally, that document defines PSO: DECIPHER. Are these three terms synonyms, or do they I guess so. 2. I assume that your PSO Decrypt

Re: USB key form-factor smart-card readers with pinpads?

2014-01-07 Thread Peter Lebbing
On 07/01/14 17:27, Werner Koch wrote: See the card HOWTO or try gpg --card-edit, admin, help. Additionally, in the OpenPGP Card 2.0.1 spec, the DO with tag C4 on page 17, section 7.2.2 (VERIFY) and section 7.2.8 (PSO: COMPUTE DIGITAL SIGNATURE) all specify this one-VERIFY-per-SIG behaviour.

Re: USB key form-factor smart-card readers with pinpads?

2014-01-06 Thread Werner Koch
On Sun, 5 Jan 2014 16:18, sam.ku...@uclmail.net said: The question is whether this is really helpful. Yes, it protects your PIN but it does not protect the use of your decryption key. Please could you elaborate? To make use of the decryption key the smartcard first requires that a VERIFY

Re: USB key form-factor smart-card readers with pinpads?

2014-01-06 Thread NdK
On 06/01/2014 10:34, Werner Koch wrote: To make use of the decryption key the smartcard first requires that a VERIFY command is sent to the card. This is what asks for the PIN. After a successful verification of the PIN the card allows the use of the PSO Decrypt command until a power

Re: USB key form-factor smart-card readers with pinpads?

2014-01-06 Thread Michel Messerschmidt
On Mon, Jan 06, 2014 at 10:34:06AM +0100, Werner Koch wrote: an attacking malware only needs to trick you into decrypting an arbitrary message and is then free to use the smartcard without having the reader ask you again for a PIN. Although these are important attacks to consider, PIN entry on

Re: USB key form-factor smart-card readers with pinpads?

2014-01-05 Thread Werner Koch
On Sun, 5 Jan 2014 05:02, sam.ku...@uclmail.net said: conventional USB stick-sized readers (e.g. Omnikey 6121) + ID-000 Take care: The Omnikey does not work with free software and 2048 bit or larger keys. Better get a Gemalto or Identive (SCM) reader. In group 2 above, the smallest reader I

Re: USB key form-factor smart-card readers with pinpads?

2014-01-05 Thread Sam Kuper
On Jan 5, 2014 1:18 PM, Werner Koch w...@gnupg.org wrote: On Sun, 5 Jan 2014 05:02, sam.ku...@uclmail.net said: Take care: The Omnikey does not work with free software and 2048 bit or larger keys. Better get a Gemalto or Identive (SCM) reader. Thanks for the warning :) In group 2 above,

Re: USB key form-factor smart-card readers with pinpads?

2014-01-04 Thread Sam Kuper
On 05/01/2014, Sam Kuper sam.ku...@uclmail.net wrote: In group 2 above, the smallest reader I have found online which offers secure PIN entry is the ACR83. Hm, I've now found several mailing list and forum discussions, etc, that indicate the ACR83 is not compatible with OpenPGP cards. That's a

USB key form-factor smart-card readers with pinpads?

2014-01-04 Thread Sam Kuper
Dear GnuPG users, I am new to this list, so please be gentle. At some point in the coming months, I may try to obtain an OpenPGP smart card and reader. At the moment, such combinations, whether separable or combined into a single device, seem to be available in two form factors, neither of