On Fri, 8 Feb 2013 11:09, pe...@digitalbrains.com said:

> the same as for the signature key; both are a form of signatures. However, I'm
> not familiar with the rationale for adding the force signature PIN flag.

That is simply a requirement due to the German law about qualified signatures. If someone wants to use the OpenPGP card specification to set up a qualified signature system, this feature is needed. This is not that I think this will ever be done, but back when we worked out the specs it seemed to be a good idea to have such a feature.

In any case it is not a security measure because the host may simply cache the PIN and silently do a verify command before each sign operation. To avoid that simple workaround, a pinpad reader which filters the VERIFY command would be needed.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
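
The point of the message above, as an added example that is not part of the original post and is not GnuPG or card firmware code: a toy model of a card with the forced-signature-PIN flag set, once reached directly by the host and once behind a reader that filters VERIFY. The class and function names, the sample PIN and the simplified status words are assumptions made for the illustration.

```python
# Simplified model (assumption): only the APDU headers for VERIFY (PW1, signing)
# and PSO: COMPUTE DIGITAL SIGNATURE are handled; status words are reduced to three.
VERIFY_INS = 0x20
PW1_SIGN = 0x81                      # VERIFY P2 selecting the signature PIN
PSO_CDS = (0x2A, 0x9E, 0x9A)         # INS, P1, P2 of the sign command
SIGN = bytes([0x00, *PSO_CDS, 0x00])
OK, NOT_SATISFIED, REFUSED = 0x9000, 0x6982, 0x6985

def verify_apdu(pin):
    return bytes([0x00, VERIFY_INS, 0x00, PW1_SIGN, len(pin)]) + pin

class Card:
    """Toy card with the forced-signature-PIN flag set."""
    def __init__(self, pin):
        self._pin, self._verified = pin, False

    def transmit(self, apdu):
        _cla, ins, p1, p2 = apdu[:4]
        if ins == VERIFY_INS and p2 == PW1_SIGN:
            self._verified = bytes(apdu[5:5 + apdu[4]]) == self._pin
            return OK if self._verified else NOT_SATISFIED
        if (ins, p1, p2) == PSO_CDS:
            if not self._verified:
                return NOT_SATISFIED
            self._verified = False   # forced flag: one signature per VERIFY
            return OK
        return 0x6D00                # instruction not supported in this model

class PinpadReader:
    """Reader that drops VERIFY coming from the host; PIN only via its keypad."""
    def __init__(self, card):
        self._card = card

    def from_host(self, apdu):
        if apdu[1] == VERIFY_INS:
            return REFUSED           # filtered, never reaches the card
        return self._card.transmit(apdu)

    def keypad_verify(self, pin):    # stands in for a person typing on the reader
        return self._card.transmit(verify_apdu(pin))

def host_signs_with_cached_pin(transmit, cached_pin, count):
    """Host software that re-sends VERIFY with a cached PIN before each signature."""
    results = []
    for _ in range(count):
        transmit(verify_apdu(cached_pin))
        results.append(transmit(SIGN))
    return results
```

Without the filter, every signature succeeds with no further user action; behind the filtering reader, each signature needs a fresh keypad entry.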