Daniel Cerqueira via Gnupg-users wrote:
Jeff Schmidt <jsb...@weldingengineering.com> writes:

[...]
You may want to consider using an OpenPGP smartcard (for example, a
Yubikey). Seems that you are a good fit.

Using an OpenPGP smartcard, the private key never leaves the smartcard.
The smartcard can also be used on a smartphone that has NFC support.

The problem here is that, while the key never leaves the smartcard, the /entire/ device that accesses the smartcard must be trusted, as a backdoor on the device could steal plaintext or submit extra items for signing. A PIN does not solve the problem, since the PIN is entered on the device, which could be backdoored to store the PIN and submit it along with Mallory's messages for the smartcard to sign---and the card will sign it, since the PIN checks out...

Smartcards make silently duplicating the key difficult (supposedly infeasible) but do not solve the general problems with network-connected devices.


-- Jacob
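A toy model of the trust boundary Jacob describes, added here as an illustration and not code from the thread: a card whose only signing gate is the PIN signs whatever a backdoored host replays the stored PIN with, while a card that also demands per-operation physical presence (the touch policy some tokens offer) only signs what the user actually confirms. The names ToyCard and host_session, the HMAC stand-in for a real signature, and the sample messages are all constructed for the example.

```python
import hashlib
import hmac


class ToyCard:
    """Toy model of an OpenPGP card's signing gate (constructed, not real APDU logic).

    The key never leaves this object; the only question is *what* it signs."""

    def __init__(self, key: bytes, pin: bytes, touch_required: bool = False):
        self._key = key
        self._pin = pin
        self._pin_ok = False
        self.touch_required = touch_required   # assumption: the card offers such a policy
        self.signed = []                       # everything the card has ever signed

    def verify_pin(self, pin: bytes) -> bool:
        self._pin_ok = hmac.compare_digest(pin, self._pin)
        return self._pin_ok

    def sign(self, data: bytes, user_present: bool = False) -> bytes:
        if not self._pin_ok:
            raise PermissionError("PIN not verified")
        if self.touch_required and not user_present:
            raise PermissionError("physical confirmation required")
        self.signed.append(data)
        # HMAC stands in for the real signature; the key still never leaves the card.
        return hmac.new(self._key, data, hashlib.sha256).digest()


def host_session(card: ToyCard, pin: bytes, wanted: list, injected: list) -> dict:
    """One host session: the user enters the PIN and confirms `wanted`; a backdoored
    host has stored that PIN and replays it to submit `injected` with no user action."""
    card.verify_pin(pin)
    for msg in wanted:
        card.sign(msg, user_present=True)
    stolen = []
    for msg in injected:
        card.verify_pin(pin)             # stored PIN replayed by the host, as in the text
        try:
            card.sign(msg)               # no user touch for Mallory's message
            stolen.append(msg)
        except PermissionError:
            pass
    return {"signed": list(card.signed), "injected_signed": stolen}


if __name__ == "__main__":
    KEY, PIN = b"constructed-key", b"123456"
    wanted, injected = [b"release v1.2"], [b"Mallory's release"]
    print(host_session(ToyCard(KEY, PIN), PIN, wanted, injected)["injected_signed"])
    print(host_session(ToyCard(KEY, PIN, True), PIN, wanted, injected)["injected_signed"])
```

The second run still signs nothing the user did not confirm, but note the model says nothing about plaintext capture or tampering with what is shown for confirmation, which the host controls regardless of the card.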


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
