On Sun, 2023-11-12 at 19:46 -0600, Jacob Bachmeyer wrote:
> A PIN does not solve the problem, since the PIN is entered on
> the device, which could be backdoored to store the PIN

That's why card readers with pinpads were invented, and GnuPG also
supports that:
https://www.gnupg.org/howtos/card-howto/en/ch02s02.html

Other ideas to improve isolation:
* If you trust your Linux distribution in general but not every single
desktop app, you can use a separate Linux user for sensitive
activities.
* You can use GnuPG Agent Forwarding via SSH to sign a file on a less
trusted server from a more trusted client. This way your PIN is entered
on the more trusted client machine.

Regards
Stephan


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
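The agent-forwarding setup from the second bullet above, written out as an added example that is not part of the original message or of GnuPG's own documentation. It assumes OpenSSH on both ends (the `RemoteForward` and `ExitOnForwardFailure` client options and the `StreamLocalBindUnlink` server option), and the hostname and fallback socket paths are constructed for illustration. The point it makes that the message only implies: forward the restricted `S.gpg-agent.extra` socket, never the full `S.gpg-agent` socket, because the extra socket only allows signing and decryption and refuses key export and agent management, which is what keeps a compromised server from doing more than asking for signatures.

```shell
#!/bin/sh
# Added example (not from the original message): build the OpenSSH client
# stanza that forwards the local gpg-agent "extra" (restricted) socket to a
# less trusted server, so `gpg --sign` on the server asks the local machine
# for the PIN. Hostnames and the fallback socket paths below are constructed.

# Real socket paths come from gpgconf on each machine. The fallback is only
# so this script runs where gpgconf is not installed.
local_extra_socket() {
    gpgconf --list-dirs agent-extra-socket 2>/dev/null \
        || printf '%s\n' "/run/user/1000/gnupg/S.gpg-agent.extra"
}

# Guard against the classic mistake: forwarding the unrestricted local socket.
# Only S.gpg-agent.extra should be exposed to a less trusted host; gpg-agent
# treats connections on it as restricted (no key export, no management).
check_local_socket() {
    case "$1" in
        */S.gpg-agent.extra) return 0 ;;
        *) echo "refusing to forward unrestricted socket: $1" >&2; return 1 ;;
    esac
}

# Emit a ~/.ssh/config stanza. RemoteForward takes REMOTE path first, LOCAL
# path second; reversing them is the other common mistake.
ssh_stanza() {
    host=$1; remote_socket=$2; local_socket=$3
    check_local_socket "$local_socket" || return 1
    printf 'Host %s\n' "$host"
    printf '    RemoteForward %s %s\n' "$remote_socket" "$local_socket"
    # Fail the connection instead of continuing without the forward, which
    # otherwise leaves gpg on the server talking to a stale or missing socket.
    printf '    ExitOnForwardFailure yes\n'
}

# One-time steps on the remote host, as the user who will sign.
remote_setup_hint() {
    cat <<'EOF'
# remote: this path is the RemoteForward target (first argument)
gpgconf --list-dirs agent-socket
# remote sshd_config (restart sshd): remove stale socket files on reconnect
StreamLocalBindUnlink yes
# remote: import the public key once; the private key never leaves the client
gpg --import signer.pub
# remote: stop any local agent that would shadow the forwarded socket
gpgconf --kill gpg-agent
# remote: sign; the PIN/passphrase prompt appears on the client
gpg --detach-sign --armor file.tar.gz
EOF
}

# Usage (run on the trusted client, then append the output to ~/.ssh/config):
#   ssh_stanza build.example "$(ssh build.example gpgconf --list-dirs agent-socket)" "$(local_extra_socket)"
```

The stanza generator refuses to forward anything but the extra socket, and the remote hints are the steps that usually trip people up: importing the public key on the server (gpg there still needs the key material it can find locally to know which key to ask the agent for), killing the server's own gpg-agent so its socket does not shadow the forwarded one, and `StreamLocalBindUnlink yes` so a socket file left behind by a dropped session does not make the next forward fail.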
