On 08/11/17 16:27, ved...@nym.hush.com wrote:
> or, more practically, just post anonymously to a blog or website,
> using --throw-keyid, with a pre-arranged understanding that the
> sender and receiver post to and check certain websites

I did not phrase it properly, leading to a misunderstanding. We are talking about using a smartcard on a compromised computer. I reasoned from the OpenPGP Card specification[1]. You can simply ask the smartcard for the public key; the actual cryptographic public key.

So as an attacker with control over the computer, you see that someone successfully decrypts a document using his OpenPGP card. You ask the smartcard for the public key that was used to encrypt the document, and you have a fully unique identifier for the key that was used.

HTH,

Peter.

[1] It isn't clear to me whether this project is actually adhering to the OpenPGP card specification, though, I didn't check. I realised this only later.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
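
An added illustration of the point in the message above (not code from the poster or from GnuPG): a hidden-recipient session-key packet carries an all-zero key ID, but a v4 key ID is derived from the public key material and creation time (RFC 4880), so whoever can read the public key can recompute it. The modulus, creation time and session-key bytes are constructed sample values, and the helper names are hypothetical.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP MPI: 2-byte big-endian bit count, then the magnitude."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v4_fingerprint(created: int, n: int, e: int) -> bytes:
    """RFC 4880 12.2: SHA-1 over 0x99, a 2-byte length and the public-key packet body."""
    body = b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)  # 0x01 = RSA
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()

def key_id(fingerprint: bytes) -> bytes:
    """A v4 key ID is the low-order 64 bits of the fingerprint."""
    return fingerprint[-8:]

def pkesk_v3(recipient_key_id: bytes, hidden: bool) -> bytes:
    """Body of a version 3 PKESK packet; the session-key MPI is a constructed dummy."""
    kid = b"\x00" * 8 if hidden else recipient_key_id  # hidden recipient: zeroed key ID
    return b"\x03" + kid + b"\x01" + mpi(0x1234)

def pkesk_key_id(body: bytes) -> bytes:
    """Key ID field of a v3 PKESK: the 8 octets after the version octet."""
    if body[0] != 3:
        raise ValueError("not a version 3 PKESK")
    return body[1:9]

# Constructed sample values (toy 64-bit modulus, not a real key).
N, E, CREATED = 0xC5A3F1D7B9E24681, 65537, 1510000000
FPR = v4_fingerprint(CREATED, N, E)

if __name__ == "__main__":
    for hidden in (False, True):
        body = pkesk_v3(key_id(FPR), hidden)
        print("hidden" if hidden else "normal",
              "key ID in message:", pkesk_key_id(body).hex(),
              "| key ID from public key:", key_id(FPR).hex())
```

The zeroed field only hides the recipient from someone who sees the message alone; it does nothing once the public key itself can be read from the device that decrypts.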