Hi Christoph,
There is one feature of smartcards that's hard to reproduce otherwise:
once you pull the smartcard out of the port the attacker can't use it.
If they steal your private keys they can do as they please with it
(until you revoke keys and users refresh your key... that can take some
time). For example if they steal your private encryption subkey they'll
be able to decrypt future communications with you. When you pull out the
smartcard that's where the attack ends.
(One way or another someone having code execution privileges on your
computer is bad.)
Additionally smartcards require PINs and lock the card after several
tries. This is not possible with keys on USB drives.
These two things are really useful when using the same token on multiple
devices (e.g. I use the same card on my laptop and phone).
Kind regards,
Wiktor
--
https://metacode.biz/@wiktor
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users