More secure than smartcard or cryptostick against remote attacks?

Faramir faramir.cl at gmail.com
Fri Feb 8 21:34:02 CET 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

El 08-02-2013 6:48, Peter Lebbing escribió:
> On 08/02/13 03:12, Josef Schneider wrote:
>> With GnuPG on the other hand someone who has access to my PC can
>> sign whatever he likes and sign as much as he likes, as long as
>> my card reader is attached
> 
> Just so you know, the OpenPGP card has a "forcesig", force
> signature PIN, flag which you can set so you have to enter the PIN
> for every individual signature. Unfortunately (IMHO), there's no
> such flag for decryption and authentication, which can be done
> multiple times with one PIN entry.

  Maybe it would be interesting to add a big "sign" button to the pad.
Probably you would not like to enter a PIN for each signature, but
maybe 1 button to press for each signature (after the PIN has been
entered for the first one) would be interesting. Of course, probably
that would require to modify readers and cards, and maybe very few
people would want it.

  Best Regards

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBCAAGBQJRFWE6AAoJEMV4f6PvczxAZtMH/2oRg2tBUupSXsOfg9h0o/PK
f704aBb3gMGMezVYI//MH7QQJIjVxGPDJbaK2vWGJTyEtLl2wh5+c82EnQEnpq19
wDMzK8FcDL5AzKdLltznLn/iIu+EygOUOMa9/tzD+vQ/9X4R+sJGpDw6rJD6ytku
8THUwPGBcVX4pnYdDBjGQYOxr94R8qGa4FaqRxW6iOWp9Nf63QKgTM6miV/Pf37Q
7Bf8SAQ8KSu0Sf9M9wCVv3T+Qsa+Pmk0LPOEizZ9Pt7UGguakwcce0KQxo4A0qf8
Tdylc35BwctW+8tpM1dRUzlrqvgdLklhguhA1YnFx0RxQBYHurF5T3PYg4fzycI=
=FuKE
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list