Thanks for clarification!
On Mon, Aug 27, 2018 at 11:51 AM, Werner Koch wrote:
> The connection between the card reader and the host is not encrypted
> because that would require a key setup first and that would also be
> subject to key logging.
The host could provide a public encryption key to
On Sun, 26 Aug 2018 00:31, gnupg-users@gnupg.org said:
> decrypted file itself could/would be read by a third party. The session
> key is, in this moment, the least problematic thing on your system.
Right. We assume physical security. The connection between the card
reader and the host is not
On 26/08/18 11:12, Felix E. Klee wrote:
>> I think you'll need to trust the cable anyway,
>
> Well, if the cable is soldered to the reader, then it’s much harder
> to tamper with. Swapping a replaceable cable requires much less
> effort.
I meant: even if the communication were encrypted and
On Sun, Aug 26, 2018 at 10:41 AM, Peter Lebbing
wrote:
> The OpenPGP smartcard and generic smartcard protocols do define
> "Secure Messaging", but I don't think this is commonly used for cabled
> OpenPGP smartcards.
Would be interesting to find out.
> I think you'll need to trust the cable
On 25/08/18 21:25, Felix E. Klee wrote:
> When I decrypt a file using an OpenPGP card, is the communication
> between a USB card reader and the GnuPG daemon encrypted?
The OpenPGP smartcard and generic smartcard protocols do define "Secure
Messaging", but I don't think this is commonly used for
On Sun, Aug 26, 2018 at 12:31 AM, Dirk Gottschalk
wrote:
> This is a really interesting question. But, does this really matter
> got an USB device? If there is a program on your computer, which
> interceps the communication, the security of you system is already
> broken.
I am more thinking
Hi.
Am Samstag, den 25.08.2018, 21:25 +0200 schrieb Felix E. Klee:
> When I decrypt a file using an OpenPGP card, is the communication
> between a USB card reader and the GnuPG daemon encrypted? Or: Is the
> decrypted session key sent unencrypted through the cable?
This is a really interesting
When I decrypt a file using an OpenPGP card, is the communication
between a USB card reader and the GnuPG daemon encrypted? Or: Is the
decrypted session key sent unencrypted through the cable?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
