I currently use GnuPG with an OpenPGP Card V2.0 in a smart card reader with PIN pad. Surely, that adds a certain layer of security, as all encryption and signing operations happen on the card. However, there is one attack which I think could be easily prevented: With the card in the reader, the PIN entered, and Eve having remote access to my machine, she could sign and decrypt documents.
To prevent such an attack, I imagine a device where I have to confirm every transaction with a simple push on a hardware button. Does that exist? _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
