On Mon, Jan 06, 2014 at 10:34:06AM +0100, Werner Koch wrote: > an attacking malware only needs to trick you info decrypt an arbitrary > message and is then free to use the smartcard without having the reader > ask you again for a PIN.
Although these are important attacks to consider, PIN entry on the reader itself still provides additional protection if you want to protect your own signatures. > But for the other two keys we don't have such features. There is the obvious possibility to remove and re-insert the card after every use to reduce this attack surface somewhat. But for such a tradeoff other things should be considerd first (is your PIN really your biggest concern if you don't trust your computer/keyboard, is your reader really more trustworthy than your computer, ...). -- Michel Messerschmidt li...@michel-messerschmidt.de _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users