On 2017/07/13 11:49, Matthias Apitz wrote:

> One problem comes obviously in mind: Someone with priv access to your
> workstation, for example IT personnel, could relatively easily steal your
> passwords, just setting your environment and waiting for the moment that
> you have unlocked the card with the PIN; then he/she could run as root:

*snipped evil plan*

Worse than that, they can keylog your PIN and use that to perform unlimited crypto operations using your smartcard whenever they detect it is plugged in. Or they can read decrypted passwords out of memory, or replace gpg with a version that copies everything it touches to a network connection. The possibilities are literally endless.

> How is this supposed to be managed?

Don't plug your smartcard into a computer that someone else has root access to. That's not flippant, that's the best you can do in principle.

Smartcards can protect you against disclosure of your secret key, but not of data encrypted to that key. If you want to protect all the data encrypted by that key, then you still need to take all the precautions that you need to with any other method of secret key storage, and that means (amongst other things) don't decrypt your data on an untrusted machine.

Remember, if someone else has root on your computer then it isn't your computer - it's theirs.

A
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users