Re: Can't import private key to GnuPG 2.1.1 on Windows 8 x64
I’ve been having the same problem. No solution yet ☹

/Jesper

From: Hideki Saito
Sent: Thursday, January 22, 2015 01:00
To: gnupg-users@gnupg.org
Cc: Jesper Hess Nielsen

Also I'd like to add that this seems to affect when generating new key as well. Here's the log below. (Seen on Windows 8.1 on x64)

It prompts for passphrases, however gives up on me with the message below after continuing after entering passphrases:

gpg: agent_genkey failed: End of file
Key generation failed: End of file

What is left on Windows event viewer is consistent with what Jesper stated earlier.

2015-01-21 15:53:08 gpg-agent[404] listening on socket 'C:/Users/hsaito/AppData/Roaming/gnupg/S.gpg-agent'
2015-01-21 15:53:08 gpg-agent[404] gpg-agent (GnuPG) 2.1.1 started
2015-01-21 15:53:10 gpg-agent[404] handler 0x2 for fd 320 started
2015-01-21 15:53:10 gpg-agent[404] DBG: chan_0140 - OK Pleased to meet you
2015-01-21 15:53:10 gpg-agent[404] DBG: chan_0140 - RESET
2015-01-21 15:53:10 gpg-agent[404] DBG: chan_0140 - OK
2015-01-21 15:53:10 gpg-agent[404] DBG: chan_0140 - OPTION allow-pinentry-notify
2015-01-21 15:53:10 gpg-agent[404] DBG: chan_0140 - OK
2015-01-21 15:53:10 gpg-agent[404] DBG: chan_0140 - OPTION agent-awareness=2.1.0
2015-01-21 15:53:10 gpg-agent[404] DBG: chan_0140 - OK
2015-01-21 15:53:10 gpg-agent[404] DBG: chan_0140 - AGENT_ID
2015-01-21 15:53:10 gpg-agent[404] DBG: chan_0140 - ERR 67109139 Unknown IPC command GPG Agent
2015-01-21 15:53:10 gpg-agent[404] DBG: chan_0140 - RESET
2015-01-21 15:53:10 gpg-agent[404] DBG: chan_0140 - OK
2015-01-21 15:53:10 gpg-agent[404] DBG: chan_0140 - GENKEY
2015-01-21 15:53:10 gpg-agent[404] DBG: chan_0140 - S INQUIRE_MAXLEN 1024
2015-01-21 15:53:10 gpg-agent[404] DBG: chan_0140 - INQUIRE KEYPARAM
2015-01-21 15:53:10 gpg-agent[404] DBG: chan_0140 - D (genkey(rsa(nbits 4:2048)))
2015-01-21 15:53:10 gpg-agent[404] DBG: chan_0140 - END
2015-01-21 15:53:10 gpg-agent[404] starting a new PIN Entry
2015-01-21 15:53:10 gpg-agent[404] DBG: connection to PIN entry established
2015-01-21 15:53:10 gpg-agent[404] DBG: chan_0140 - INQUIRE PINENTRY_LAUNCHED 2920
2015-01-21 15:53:10 gpg-agent[404] DBG: chan_0140 - END
2015-01-21 15:53:16 gpg-agent[404] starting a new PIN Entry
2015-01-21 15:53:16 gpg-agent[404] DBG: connection to PIN entry established
2015-01-21 15:53:16 gpg-agent[404] DBG: chan_0140 - INQUIRE PINENTRY_LAUNCHED 5744
2015-01-21 15:53:16 gpg-agent[404] DBG: chan_0140 - END
2015-01-21 15:53:20 gpg-agent[404] S2K calibration: 4904960 - 93ms

--
Hideki Saito
OpenPGP Key: http://hidekisaito.com/aff2e40b.txt
1066 3928 7B0B E7CD A0CB 3686 1FDF D937 AFF2 E40B
http://hidekisaito.com

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Crypto device where I need to confirm every operation?
> To prevent such an attack, I imagine a device where I have to confirm every transaction with a simple push on a hardware button.

This attack can't be prevented. Once the attacker has control over your hardware, you're done. Game over. People keep on trying to invent ways to do crypto even on compromised hardware, but it's a completely lost cause. The attacker has too many options at that point for you to make any sort of effective defense.

If I were Eve and I wanted to defeat your pushbutton setup, here's what I'd do:

1. Figure out exactly your operating system
2. Figure out which forums you look for help on
3. Start posting messages on forums for your operating system, saying I was having problems with your specific card reader and how it wasn't responding to a pushbutton
4. Post answers, under a different name, saying this was a known problem with your model of card reader under the most recent USB driver update, and that unplugging and replugging the device was usually enough to reboot the card reader and make it work
5. Under yet more fake account names, upvote the answer and talk about how it "works for me"
6. Repeat #s 3-5 over several different web forums
7. A couple of weeks later, subvert your machine
8. Replace your copy of GnuPG with one that caches the PIN. When you enter your PIN and push the button, it silently substitutes my message for yours. You sign it, and this compromised GnuPG deposits the signed message in some hidden file/directory somewhere awaiting my later collection
9. You'd be understandably concerned. You'd check web forums and see, ah, this bug has been reported by five different people, and a lot of people are confirming that unplugging and replugging the USB device solves the problem.
10. You unplug and replug the card reader. My malware detects the unplug/replug and uses that as its "clean up and get out of there" trigger. It erases itself and leaves behind a clean GnuPG in its wake.
11. You re-try signing your message. It works correctly. However, you've already signed a message of my choosing, and I can pick it up off your machine at my leisure.

...

I understand the wish to make a system that's secure even if the underlying hardware is compromised. I really do. But it's a fantasy. Can't be done. Once you lose control over the hardware the attacker has a near-limitless number of possible attacks, and there's absolutely no way for you to defend against all of them, or even to effectively anticipate what it will be.

Please don't tell me how, "well, to defend against your attack I'd just..."; that misses the point. The point is there are literally *hundreds*, if not *thousands*, of attacks like this that could be levied against you, and there is absolutely no way for you to anticipate or defend against even a significant fraction of them.

Once you lose control of the hardware, you're done.
Re: Crypto device where I need to confirm every operation?
There are degrees of “control over your hardware” and complete control hardware is rarely going to happen.

If the concerns voiced by some developers about the randomness quality of Intel’s hardware random number generator (RNG) around the time of the Snowden leaks are true

http://arstechnica.com/security/2013/12/we-cannot-trust-intel-and-vias-chip-based-crypto-freebsd-developers-say/

then we are all compromised, so why are we even bothering to use tools like GnuPG, which according to the documentation uses Intel’s RDRAND CPU instruction (which calls its hardware RNG) among its entropy sources?

Because it is using other ones, like dev/random, so there is no one point of weakness and from a practical point of view there is little risk.

Sandeep Murthy
s.mur...@mykolab.com

On 22 Jan 2015, at 18:44, Robert J. Hansen r...@sixdemonbag.org wrote:

>> To prevent such an attack, I imagine a device where I have to confirm every transaction with a simple push on a hardware button.
>
> This attack can't be prevented. Once the attacker has control over your hardware, you're done. Game over. People keep on trying to invent ways to do crypto even on compromised hardware, but it's a completely lost cause. The attacker has too many options at that point for you to make any sort of effective defense.
>
> If I were Eve and I wanted to defeat your pushbutton setup, here's what I'd do:
>
> 1. Figure out exactly your operating system
> 2. Figure out which forums you look for help on
> 3. Start posting messages on forums for your operating system, saying I was having problems with your specific card reader and how it wasn't responding to a pushbutton
> 4. Post answers, under a different name, saying this was a known problem with your model of card reader under the most recent USB driver update, and that unplugging and replugging the device was usually enough to reboot the card reader and make it work
> 5. Under yet more fake account names, upvote the answer and talk about how it "works for me"
> 6. Repeat #s 3-5 over several different web forums
> 7. A couple of weeks later, subvert your machine
> 8. Replace your copy of GnuPG with one that caches the PIN. When you enter your PIN and push the button, it silently substitutes my message for yours. You sign it, and this compromised GnuPG deposits the signed message in some hidden file/directory somewhere awaiting my later collection
> 9. You'd be understandably concerned. You'd check web forums and see, ah, this bug has been reported by five different people, and a lot of people are confirming that unplugging and replugging the USB device solves the problem.
> 10. You unplug and replug the card reader. My malware detects the unplug/replug and uses that as its "clean up and get out of there" trigger. It erases itself and leaves behind a clean GnuPG in its wake.
> 11. You re-try signing your message. It works correctly. However, you've already signed a message of my choosing, and I can pick it up off your machine at my leisure.
>
> ...
>
> I understand the wish to make a system that's secure even if the underlying hardware is compromised. I really do. But it's a fantasy. Can't be done. Once you lose control over the hardware the attacker has a near-limitless number of possible attacks, and there's absolutely no way for you to defend against all of them, or even to effectively anticipate what it will be.
>
> Please don't tell me how, "well, to defend against your attack I'd just..."; that misses the point. The point is there are literally *hundreds*, if not *thousands*, of attacks like this that could be levied against you, and there is absolutely no way for you to anticipate or defend against even a significant fraction of them.
>
> Once you lose control of the hardware, you're done.
Re: Crypto device where I need to confirm every operation?
On Thu 2015-01-22 13:44:12 -0500, Robert J. Hansen wrote:

>> To prevent such an attack, I imagine a device where I have to confirm every transaction with a simple push on a hardware button.
>
> [...]
>
> Once you lose control of the hardware, you're done.

The attack you describe is significantly more complex and more visible than the attack the original poster outlined.

Yes, in the long run, if you can't trust your endpoint, you can be compromised. But this is a game of defense in depth, and the proposed changes seem like a useful step in raising the bar for an attacker.

--dkg
Re: Crypto device where I need to confirm every operation?
On 22/01/2015 21:08, Daniel Kahn Gillmor wrote:

> If anyone is considering adding this kind of feature to the FST-01, i'd be happy to test and debug it with them.

I proposed to add a button to FST-01 ages ago (IIRC it still was just a project on Seeedstudio...), as user presence test, and am having a look at implementing it. But I received the programmer too late and now I have a more demanding (and really high priority!) project: my son! :)

But I'll try to implement it, even if really slowly.

BYtE,
Diego.
Re: Crypto device where I need to confirm every operation?
> That's not what the original poster was positing, though: the original poster was positing *someone else* had complete control -- and trying to make a system that works in that environment is a fool's errand.

I was referring to exactly that - *somebody else* having complete control over your hardware, remotely. There are degrees of that, and it just seems like an uninteresting abstraction here - what does it look like?

The original question was:

> I currently use GnuPG with an OpenPGP Card V2.0 in a smart card reader with PIN pad. However, there is one attack which I think could be easily prevented: With the card in the reader, the PIN entered, and Eve having remote access to my machine, she could sign and decrypt documents. To prevent such an attack, I imagine a device where I have to confirm every transaction with a simple push on a hardware button.

An even simpler solution would be to disable all remote sharing services via the OS. What else does remote access mean? After Shellshock anyone with a Unix like OS enabling such services, e.g. like SFTP or SSH, is recommended to either upgrade their Bash shell, or turn off these services completely, which is easy to do.

Sandeep Murthy
s.mur...@mykolab.com

On 22 Jan 2015, at 23:37, Robert J. Hansen r...@sixdemonbag.org wrote:

>> There are degrees of “control over your hardware” and complete control hardware is rarely going to happen.
>
> That's not what the original poster was positing, though: the original poster was positing *someone else* had complete control -- and trying to make a system that works in that environment is a fool's errand.
>
>> then we are all compromised, so why are we even bothering to use tools like GnuPG...
>
> Excellent question. Vint Cerf has said that in his estimate one of five desktop PCs is completely pwn3d by malware. We don't pay enough attention to that. We tend to assume the security of the endpoints, and that's simply not a supportable assumption nowadays.
Re: Crypto device where I need to confirm every operation?
On Thu 2015-01-22 16:28:06 -0500, NdK wrote:

> I proposed to add a button to FST-01 ages ago (IIRC it still was just a project on Seeedstudio...), as user presence test, and am having a look at implementing it. But I received the programmer too late and now I have a more demanding (and really high priority!) project: my son! :)
>
> But I'll try to implement it, even if really slowly.

Awesome. The expansion port should be usable for wiring up the button:

http://www.seeedstudio.com/wiki/FST-01#Extension_port_of_VDD.2FGND.2FPort0.2FPort1

We might also want an independent LED to signal that the user presence test is demanded -- so that LED indicators for device activity aren't confused with the request for user presence.

I haven't looked into what it will take to make the user presence test a part of the signing process, though. Maybe NIIBE Yutaka can chime in about the best way to do that?

--dkg
Re: Crypto device where I need to confirm every operation?
>> Smartcards exist to keep private keys safe(r) from being stolen. They do a pretty good job of that. But when we expect smartcards to be able to somehow make a compromised environment safe to operate in, then we've crossed the line and turned them into magic crypto fairy dust.
>
> Yes, but maybe you are missing an interesting point...

You're changing the subject slightly. :) The thread is about letting a legitimate user continue to safely use the system; you're talking about limiting the damage an attacker can do. The two are related but different.

The idea might be good for damage mitigation; but for permitting continued normal operation, it's IMO a non-starter on every level.
Talking about Cryptodevices... which one?
Hello,

Well, some months ago I wanted to take a look at existing smartcards and/or readers that hopefully support both OpenPGP and X.509 certificates, but my Google-Fu failed me, I couldn't figure out where to buy something that works on Windows and can be shipped to Chile.

Any advice? I'm not planning to buy right now, but the first step is to know what to buy, where to buy, and how much does it cost.

Best Regards
Re: Crypto device where I need to confirm every operation?
I didn’t mean to include the word “complete” in there - true, there are degrees of control that somebody else can have over your computer. I don’t think this tells us anything in relation to the original problem, and besides from a practical point of view there are some simple steps people can take to reduce risks, for example, of unauthorised or malicious remote access.

I didn’t state any opinions about somebody continuing to use their compromised system to counteract further efforts.

Hardware compromise again is an abstraction. There are many imaginable ways in which your computer could be compromised, the question only becomes interesting when it relates to particular attacks / exploits.

Sandeep Murthy
s.mur...@mykolab.com

On 23 Jan 2015, at 03:15, Robert J. Hansen r...@sixdemonbag.org wrote:

>> I was referring to exactly that - *somebody else* having complete control over your hardware, remotely. There are degrees of that...
>
> There aren't. It's like saying someone's a little bit pregnant. You have complete control, or you have less-than-complete control. There are degrees of less-than-complete, but not complete.
>
> The name of the game is prevention, detection, and recovery: prevent compromises from occurring, detect them when prevention fails, and recover to a known-good state. In electronic voting we liked to have multiple orthogonal PDR; the idea of somehow persisting in operations after complete compromise was always seen as a fool's errand.
Re: Crypto device where I need to confirm every operation?
> I was referring to exactly that - *somebody else* having complete control over your hardware, remotely. There are degrees of that...

There aren't. It's like saying someone's a little bit pregnant. You have complete control, or you have less-than-complete control. There are degrees of less-than-complete, but not complete.

The name of the game is prevention, detection, and recovery: prevent compromises from occurring, detect them when prevention fails, and recover to a known-good state. In electronic voting we liked to have multiple orthogonal PDR; the idea of somehow persisting in operations after complete compromise was always seen as a fool's errand.
Re: Crypto device where I need to confirm every operation?
> There are degrees of “control over your hardware” and complete control hardware is rarely going to happen.

That's not what the original poster was positing, though: the original poster was positing *someone else* had complete control -- and trying to make a system that works in that environment is a fool's errand.

> then we are all compromised, so why are we even bothering to use tools like GnuPG...

Excellent question. Vint Cerf has said that in his estimate one of five desktop PCs is completely pwn3d by malware. We don't pay enough attention to that. We tend to assume the security of the endpoints, and that's simply not a supportable assumption nowadays.
Re: Crypto device where I need to confirm every operation?
> The attack you describe is significantly more complex and more visible than the attack the original poster outlined.

Right: that's because the original poster outlined an attack which was, in my opinion, naive. If Eve can read arbitrary memory locations on your desktop PC without your knowledge, then Eve's got root access. At that point you need to start thinking like a clever person with root access.

The alternative is to say, well, assume Eve's got some exotic side channel that only allows her a limited ability to monitor... Okay, great: what's the side channel? Defending against a side channel that you don't know exists is pretty suboptimal, too, since you can always imagine another hypothetical side channel.

> Yes, in the long run, if you can't trust your endpoint, you can be compromised.

This isn't about not trusting the endpoint: this is about a security system built on the assumption the endpoint is already compromised. There is no "in the long run" here. If your endpoint is compromised and you're using it to do crypto operations, you're living in sin.

Smartcards exist to keep private keys safe(r) from being stolen. They do a pretty good job of that. But when we expect smartcards to be able to somehow make a compromised environment safe to operate in, then we've crossed the line and turned them into magic crypto fairy dust.
Re: Crypto device where I need to confirm every operation?
On 23-01-2015 at 0:29, Robert J. Hansen wrote:

>>> Smartcards exist to keep private keys safe(r) from being stolen. They do a pretty good job of that. But when we expect smartcards to be able to somehow make a compromised environment safe to ...
>>
>> Yes, but maybe you are missing an interesting point...
>
> You're changing the subject slightly. :) The thread is about letting a legitimate user continue to safely use the system; you're talking about limiting the damage an attacker can do. The two are related but different.

Oh, yes, you are right. After all, if the attacker can steal a signature, then each time we try to sign something legitimate, the attacker may be able to hijack it and sign something we don't want to sign, and the thing we want to sign will remain unsigned.

And even if the attacker can't hijack the signature, malware may very well hijack the email account, etc.

> The idea might be good for damage mitigation; but for permitting continued normal operation, it's IMO a non-starter on every level.

Yes, compromised machine must be cleaned ASAP.

BTW, if somebody is willing to develop such safety device, I hope it is designed to have a go ahead button to press, but not to require entering a pin-code each time. If entering the password to unlock GPG key too often is unpleasant, doing that in a tiny pin-pad that maybe is not in a comfortable place would be unusable.

Best Regards
Re: Crypto device where I need to confirm every operation?
On Thu, Jan 22, 2015 at 6:00 PM, Felix E. Klee felix.k...@inka.de wrote:

> I currently use GnuPG with an OpenPGP Card V2.0 in a smart card reader with PIN pad. Surely, that adds a certain layer of security, as all encryption and signing operations happen on the card.
>
> However, there is one attack which I think could be easily prevented: With the card in the reader, the PIN entered, and Eve having remote access to my machine, she could sign and decrypt documents.

You can always enable the forcesig option, which requires that the PIN be entered for every signature operation (you can enable by inserting the card and then running 'gpg --card-edit', then entering 'toggle', 'admin', 'forcesig').

I'm not aware of any similar option in regards to decryption.

--
Pete Stephenson
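A defender-side check for the forcesig setting described in the message above, as an added example that is not part of the original post or of GnuPG itself: it parses the machine-readable listing from `gpg --card-status --with-colons` and compares the card's signature counter between two snapshots. The sample listings are constructed, and the names `CardState`, `parse_card_status` and `audit` are hypothetical.

```python
import subprocess
from dataclasses import dataclass

# Constructed sample listings (not taken from the thread). Record names follow
# GnuPG's colon listing: "forcepin:1" means forcesig is on, "sigcount" is the
# signature counter kept on the card.
SAMPLE_BEFORE = """\
reader:Constructed Reader 00 00:
serial:D2760001240102000005000000010000:
forcepin:0:::
sigcount:41:::
"""
SAMPLE_AFTER = """\
reader:Constructed Reader 00 00:
serial:D2760001240102000005000000010000:
forcepin:0:::
sigcount:44:::
"""


@dataclass(frozen=True)
class CardState:
    serial: str
    forcesig: bool   # True: the card wants the PIN for every signature
    sigcount: int    # signatures the card has made so far


def read_card_status() -> str:
    """Fetch the listing from the local gpg (needs a card in the reader)."""
    return subprocess.run(
        ["gpg", "--card-status", "--with-colons"],
        capture_output=True, text=True, check=True,
    ).stdout


def parse_card_status(text: str) -> CardState:
    """Pick the serial, forcepin and sigcount records out of the listing."""
    records = {}
    for line in text.splitlines():
        name, _, rest = line.partition(":")
        if name and name not in records:
            records[name] = rest.split(":")
    missing = {"serial", "forcepin", "sigcount"} - records.keys()
    if missing:
        raise ValueError(f"card status lacks records: {sorted(missing)}")
    return CardState(
        serial=records["serial"][0],
        forcesig=records["forcepin"][0] == "1",
        sigcount=int(records["sigcount"][0]),
    )


def audit(before: CardState, after: CardState, signatures_made: int) -> list:
    """Return findings for a session in which the user signed N times."""
    findings = []
    if not after.forcesig:
        findings.append(
            "forcesig is off: one PIN entry can cover several signatures")
    if after.serial != before.serial:
        findings.append("card serial changed; counters are not comparable")
        return findings
    delta = after.sigcount - before.sigcount
    if delta != signatures_made:
        findings.append(
            f"signature counter advanced by {delta}, "
            f"but {signatures_made} signature(s) were made by the user")
    return findings


if __name__ == "__main__":
    before = parse_card_status(SAMPLE_BEFORE)
    after = parse_card_status(SAMPLE_AFTER)
    for finding in audit(before, after, signatures_made=1):
        print("FINDING:", finding)
```

The counter covers signatures only, so a clean result says nothing about decryption, which is the gap the message above points out.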
Crypto device where I need to confirm every operation?
I currently use GnuPG with an OpenPGP Card V2.0 in a smart card reader with PIN pad. Surely, that adds a certain layer of security, as all encryption and signing operations happen on the card.

However, there is one attack which I think could be easily prevented: With the card in the reader, the PIN entered, and Eve having remote access to my machine, she could sign and decrypt documents.

To prevent such an attack, I imagine a device where I have to confirm every transaction with a simple push on a hardware button.

Does that exist?
Re: Crypto device where I need to confirm every operation?
On Thu 2015-01-22 12:00:44 -0500, Felix E. Klee wrote:

> I currently use GnuPG with an OpenPGP Card V2.0 in a smart card reader with PIN pad. Surely, that adds a certain layer of security, as all encryption and signing operations happen on the card.
>
> However, there is one attack which I think could be easily prevented: With the card in the reader, the PIN entered, and Eve having remote access to my machine, she could sign and decrypt documents.
>
> To prevent such an attack, I imagine a device where I have to confirm every transaction with a simple push on a hardware button.

Yes, this is certainly possible. I think some of the yubikey devices [0] may support this feature, and it should also be possible (with a bit of hardware hacking) to do it with the FST-01, which is the platform for the gnuk [1].

[0] https://www.yubico.com/products/yubikey-hardware/yubikey-neo/ -- i haven't tested, though!
[1] http://www.fsij.org/category/gnuk.html

If anyone is considering adding this kind of feature to the FST-01, i'd be happy to test and debug it with them.

--dkg
Re: Crypto device where I need to confirm every operation?
On Thursday 22 January 2015 17:00:44 Felix E. Klee wrote:

> However, there is one attack which I think could be easily prevented: With the card in the reader, the PIN entered, and Eve having remote access to my machine, she could sign and decrypt documents.

Are you sure? On my setup, the smartcard seems to only allow one sign operation per pin-entry.

Decryption, on the other hand seems to be allowed without re-authorisation until the card has been removed from the reader (or until it has been reset by another means).