More secure than smartcard or cryptostick against remote attacks?
Hauke Laging
mailinglisten at hauke-laging.de
Wed Feb 6 11:37:30 CET 2013
Am Mi 06.02.2013, 10:28:13 schrieb Peter Lebbing:
> Can you explain (broadly) how one would compromise the signature/the device
> that you sign with?
That seems easy to me: Except for small amounts (secure device's display
capacity) of very simple data (plain text) you have the problem that the PC
which you need to create (and view) the data to be signed sends a blob to the
secure device which is opaque to you.
The problem is not to forge a signature but the difficulty to force that only
data with checked integrity gets signed. How are you going to do that with a
PDF?
The only possibility I see is that the secure device shows you the hash of the
data to be signed. IIRC unfortunately OpenPGP does not sign the data hash but
the hash of the combination of the data and signature metadata which really
doesn't make this easier. So you would need a secure device which you can give
both the data and the metadata so that it can show both (in case of the data:
just the hash) to the user. Then you can (safely...) copy the data to several
PCs and have them show you both the file hash and the document (in that
order). Hoping that at least one of the PCs is not compromised.
I really hope that the next version of OpenPGP will sign data and metadata
separately (and allow for multiple hashes of different types in the same
signature) to get rid of this annoyance.
Hauke
--
☺
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
http://www.openpgp-schulungen.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20130206/28abdc09/attachment.pgp>
More information about the Gnupg-users
mailing list