On Thu, Feb 5, 2015 at 6:38 PM, Matt Garman matthew.gar...@gmail.com wrote:
Steps to demonstrate issue:
(1) Start gpg-agent with --no-detach option
(2) Make sure $DISPLAY is not set to force pinentry to fallback to curses
(3) Attempt to decode a gpg-encrypted file to trigger pinentry
[...]
On 04/02/15 23:12, Matthias-Christian Ott wrote:
You could protect against this scenario by signing the firmware.
Yes, you /could/. However, we were talking about Rainer smartcard readers, which
/don't/.
I think we're really not having the same discussion here...
I didn't make this argument.
On 2015-02-05 10:38, Peter Lebbing wrote:
On 04/02/15 23:12, Matthias-Christian Ott wrote:
You could protect against this scenario by signing the firmware.
Yes, you /could/. However, we were talking about Rainer smartcard readers,
which
/don't/.
Do you have evidence for this? If they
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
El 05-02-2015 a las 16:00, MFPA escibiĆ³:
Hi
On Thursday 5 February 2015 at 9:38:29 AM, in
mid:54d33a15.5050...@digitalbrains.com, Peter Lebbing wrote:
Oh, by the way:
But will a smartcard solve the problem that the host computer
This might be a bug, but could also be user-error, so I thought I'd
check the mailing list.
I'm using gpg-agent v2.0.14 (this ships with CentOS/RHEL 6.5). This
distribution ships pinentry-0.7.6, but I also see this behavior with
the latest pinentry-0.9.0 from gnupg.org source.
Steps to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Thursday 5 February 2015 at 9:38:29 AM, in
mid:54d33a15.5050...@digitalbrains.com, Peter Lebbing wrote:
Oh, by the way:
But will a smartcard solve the problem that the host
computer might be infected with malware?
I'm absolutely sure