"Robert J. Hansen" <[EMAIL PROTECTED]> writes: >> I've been considering getting an OpenPGP Card, but there are three >> reasons I'm reluctant to. The main one is that I want something that >> will only do one signature or decryption at a time. That way if my >> machine is compromised, I'll only suffer one hit before I'll notice >> something's wrong. > > The OpenPGP card actually gives you a substantial advantage in this > situation. > > Let's say that you're running GnuPG on a PC and I'm able to subvert > the box. I put in a keylogger and snarf your passphrase. I also > copy your private keyring and mailspool off the box. I can now read > your mail without ever touching it, except to copy a couple of files > and install a small app. You're none the wiser. > > Compare this to an OpenPGP card, where I have to find you in a dark > alley and have a conversation with your kneecaps to get your card and > PIN. You will most probably know that something has happened to you.
What prevents the keylogger in your first example from snarfing the PIN code for the OpenPGP card and sending decryption requests to the OpenPGP card, using the PIN code, in the background, possibly remotely controlled over the network? Alternatively, if you think remotely controlling the trojan is difficult, let it iterate through your mail spool and send decryption requests to collect all session keys, and then send the mail spool and the session keys to you.

I think smart cards in general are somewhat over-rated. You have no idea what they are signing, and the authorization control (PIN code) is easy to get by with a trojan.

To be secure with smart cards, I think you'll need a separate single-purpose device that shows you what it is going to sign, and signs it only after getting some credential (e.g., PIN), using its own trusted input device. And there should be no caching of the PIN code, or at least authorization should be required when the PIN cache is accessed.

The protocol to the single-purpose device would actually be quite similar to what you would use to an 'old PC acting as HSM' device. The protocol is similar to a serialized PKCS#11 interface with the What You See Is What You Sign extensions.

/Simon
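
A model of the two designs contrasted in this message, added here as an example and not part of the original post or of any card's firmware: a token whose PIN check stays valid after one entry on the host, and a device that shows the digest and takes a fresh PIN on its own keypad for every request. HMAC stands in for the private-key operation, and the class names, key, PIN and messages are constructed for illustration.

```python
import hashlib
import hmac

class CachedPinCard:
    """Token whose PIN check, once passed, stays valid for the session."""
    def __init__(self, key, pin):
        self._key, self._pin, self._unlocked = key, pin, False
    def verify_pin(self, pin):  # PIN arrives from the host keyboard
        self._unlocked = hmac.compare_digest(pin, self._pin)
        return self._unlocked
    def sign(self, data):
        if not self._unlocked:
            raise PermissionError("PIN not verified")
        return hmac.new(self._key, data, hashlib.sha256).digest()

class ConfirmingDevice:
    """Single-purpose device: own display, own keypad, no PIN cache."""
    def __init__(self, key, pin, display, keypad):
        self._key, self._pin = key, pin
        self._display, self._keypad = display, keypad
    def sign(self, data):
        self._display(hashlib.sha256(data).hexdigest())  # show what will be signed
        entered = self._keypad()  # fresh PIN per request, None if the user declines
        if entered is None or not hmac.compare_digest(entered, self._pin):
            raise PermissionError("not approved on device")
        return hmac.new(self._key, data, hashlib.sha256).digest()

def count_signatures(token, requests):
    """Number of requests the token agrees to sign."""
    done = 0
    for data in requests:
        try:
            token.sign(data)
            done += 1
        except PermissionError:
            pass
    return done

def run_session():
    key, pin = b"k" * 32, b"123456"  # constructed sample values
    wanted = b"mail the user means to sign"
    requests = [wanted, b"unrequested item 1", b"unrequested item 2"]
    card = CachedPinCard(key, pin)
    card.verify_pin(pin)  # typed once on the host
    shown = []
    # The user keys in the PIN only when the display matches the intended mail.
    keypad = lambda: pin if shown[-1] == hashlib.sha256(wanted).hexdigest() else None
    device = ConfirmingDevice(key, pin, shown.append, keypad)
    return count_signatures(card, requests), count_signatures(device, requests)
```

`run_session()` returns the number of requests each design signed: all three for the cached-PIN token, only the intended one for the confirming device.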