Am Freitag 03 Dezember 2010 09:47:27 schrieb Nils Faerber: > The non-obvious content of the transaction, what you say as "you do not > see what you sign even on the PIN-pad" is an issue that has been > discussed a lot of times already - yes, it is definitely an issue but > very hard to solve. IMHO this would require a card terminal that > understands the data to be signed and present the user with a meaningful > summary. > But it strictly assumes again that this terminal cannot be compromised > too. And being more intelligent (in order to display complex data) means > to be a more complex device containing more complex device software > which again opens new possible security holes.
A first improvement would be to show the hash to be signed. Of course, you cannot trust the hash calculation on a potentially compromised PC but this would be a start for further protection (e.g. by sending the file to someone else and comparing the hashes). If I understand the process correctly then not the file hash is signed but the hash for a combination of the file hash and some metadata (timestamp, signer ID). For a security progress the card reader would have to see both hash components which would require a protocol change. IMHO it makes sense to plan this for the future. Ask the card reader whether it has a display and can do the hash calculation itself. If so then send the data in a new format. Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users