Crypto device where I need to confirm every operation?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jan 22 21:08:31 CET 2015


On Thu 2015-01-22 12:00:44 -0500, Felix E. Klee wrote:
> I currently use GnuPG with an OpenPGP Card V2.0 in a smart card reader
> with PIN pad. Surely, that adds a certain layer of security, as all
> encryption and signing operations happen on the card. However, there
> is one attack which I think could be easily prevented: With the card
> in the reader, the PIN entered, and Eve having remote access to my
> machine, she could sign and decrypt documents.
>
> To prevent such an attack, I imagine a device where I have to confirm
> every transaction with a simple push on a hardware button.

Yes, this is certainly possible.  I think some of the yubikey devices
[0] may support this feature, and it should also be possible (with a bit
of hardware hacking) to do it with the FST-01, which is the platform for
the gnuk [1].

[0] https://www.yubico.com/products/yubikey-hardware/yubikey-neo/ -- i
    haven't tested, though!

[1] http://www.fsij.org/category/gnuk.html

If anyone is considering adding this kind of feature to the FST-01, i'd
be happy to test and debug it with them.

   --dkg


