On Tue, 14 Nov 2023 20:52, Jacob Bachmeyer said: > succeed in either case. If this condition is not met, Mallory will > eventually be able to forge a signature. Therefore, smartcards do not > actually provide additional security in the typical PGP usage.
In all environments you have the advantage that you don't need to re-deploy your public keys after a compromise of your signing box. Sure, there are signatures on software/data out there which are not legitimate but this is not different from the easier attack of modifying the software/data before doing the signature. Further, by inserting the smartcard only when required you limit the exposure time of the key and hinder attackers to do a lot of illegitimate signatures or decryption. The OpenPGP cards feature a signature counter which can give you a hint on whether it was used by something else than you. It is not a perfect solution but raises the hurdle for the attacker. By using the smartcard on different machines you can even avoid malware which fakes the displaying of the signature counter. For a policy POV having the key material securely locked away is also an advantage - even if the data can be decrypted/signed using a smartcard by malware. The security of the key material and the ability to use the key material are different topics in a security policy. Salam-Shalom, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein
openpgp-digital-signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
