private key protection
takethebus at gmx.de
takethebus at gmx.de
Tue Oct 18 14:53:39 CEST 2011
Monday, October 17, 2011, 11:30:48 PM, Robert wrote:
> Smartcard and a good PIN. That's pretty much the gold standard. It's
> not the best way (there is no 'best way'), but it's generally an
> excellent place to start from.
I read a smartcard is simply a chip card. Why is it save, what's a
PIN? Say I'm using it on a PC with a trojan in the background
that logs my keystrokes (my password) and can send data (my key)
via internet to an attacker. How is access restricted to the key by
the smartcard?
> 3. The best way is to have one PC connected to the internet and
> another, without an internet connection (missing network drivers and
> a fully encrypted hard disk for instance), which you use to decrypt
> and encrypt messages. You use an USB stick to carry messages from
> the internet PC to the one not connected to the net. If you don't
> have two PCs, you can use another USB stick with privatix without network drivers on it.
Since the PC is "isolated" from the net, I don't need to be afraid of
software keyloggers, trojans etc. I'm only fulnerable to
physical/hardware attacks which are easier to notice for a person
who's no computer expert.
More information about the Gnupg-users
mailing list