Re: use policy of the GnuPG-card

[Peter Lebbing]

On 16/07/17 21:25, Matthias Apitz wrote:
> Why we only have a counter for the signing key?

I don't think a decryption counter makes sense as you'll decrypt the
same data multiple times (a signature is made only once).

An authentication counter would make more sense. However, you can't
collect all authentications you've ever done. You could collect all the
signatures you do and compare the number of results.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: use policy of the GnuPG-card

[Matthias Apitz]

El día jueves, julio 13, 2017 a las 03:57:47p. m. +0200, Werner Koch escribió:

> ...
> 
> For the signing key we have a signature counter and if you can memorize
> the count and the number of signatures you did, you have a way to detect
> malicious use of that key.  Better malware could of course also present
> you a different count - checking on a clean machine would detect that,
> though.

Why we only have a counter for the signing key?

matthias
-- 
Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/  ☎ 
+49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
8. Mai 1945: Wer nicht feiert hat den Krieg verloren.
8 de mayo de 1945: Quien no festeja perdió la Guerra.
May 8, 1945: Who does not celebrate lost the War.


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: use policy of the GnuPG-card

[Robert J. Hansen]

> One problem comes obviously in mind: Someone with priv access to your 
> workstation,

You just lost.  Everything after this sentence is irrelevant.  Once an
attacker has privileged access to your machine it's all over.

> How is this supposed to be managed?

It can't be.  GnuPG is only for use in environments where you trust the
admins.  GnuPG cannot protect you from a rogue admin.  Do not fall into
the trap of thinking you can manage this: you cannot.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: use policy of the GnuPG-card

[Werner Koch]

On Thu, 13 Jul 2017 12:49, g...@unixarea.de said:

> How is this supposed to be managed?

You can't do anything about it.  The card protects your key against
compromise - but not the use of the key.

For the signing key we have a signature counter and if you can memorize
the count and the number of signatures you did, you have a way to detect
malicious use of that key.  Better malware could of course also present
you a different count - checking on a clean machine would detect that,
though.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgprgVHJgUc_Z.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: use policy of the GnuPG-card

[Andrew Gallagher]

On 2017/07/13 11:49, Matthias Apitz wrote:
> 
> One problem comes obviously in mind: Someone with priv access to your 
> workstation,
> for example IT personal, could relatively easy steal your passwords, just 
> setting your
> environment and waiting for the moment that you have unlocked the card with 
> the PIN;
> than he/she could run as root:

*snipped evil plan*

Worse than that, they can keylog your PIN and use that to perform
unlimited crypto operations using your smartcard whenever they detect it
is plugged in. Or they can read decrypted passwords out of memory, or
replace gpg with a version that copies everything it touches to a
network connection. The possibilities are literally endless.

> How is this supposed to be managed?

Don't plug your smartcard into a computer that someone else has root
access to. That's not flippant, that's the best you can do in principle.
Smartcards can protect you against disclosure of your secret key, but
not of data encrypted to that key. If you want to protect all the data
encrypted by that key, then you still need to take all the precautions
that you need to with any other method of secret key storage, and that
means (amongst other things) don't decrypt your data on an untrusted
machine.

Remember, if someone else has root on your computer then it isn't your
computer - it's theirs.

A



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

use policy of the GnuPG-card

[Matthias Apitz]

Hello,

I'm using the GnuPG card for signing, SSH, password-store (Firefox web 
passwords)
and locking un-locking the KDE desktop on card-insert or withdraw.
After resolving some technical (FreeBSD) issues, I now have it on daily
usage on my netbook and my workstation in the office.

One problem comes obviously in mind: Someone with priv access to your 
workstation,
for example IT personal, could relatively easy steal your passwords, just 
setting your
environment and waiting for the moment that you have unlocked the card with the 
PIN;
than he/she could run as root:

# GNUPGHOME=/home/guru/.gnupg-ccid export GNUPGHOME
# PASSWORD_STORE_DIR=/home/guru/.password-store export PASSWORD_STORE_DIR
# pass Business/cheese-whiz-factory
gpg: WARNING: unsafe ownership on homedir '/home/guru/.gnupg-ccid'
cheese

It would also not help to just withdraw the card after any short usage, for 
example to
fire up a SSH session. The attacker could just sit in background waiting for 
this short moment,
which is long enough to copy all your passwords in to clear mode and send them 
away.

How is this supposed to be managed?


 matthias

-- 
Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/  ☎ 
+49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
8. Mai 1945: Wer nicht feiert hat den Krieg verloren.
8 de mayo de 1945: Quien no festeja perdió la Guerra.
May 8, 1945: Who does not celebrate lost the War.


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users