New smart card / token alternative
vedaal at nym.hush.com
vedaal at nym.hush.com
Mon Nov 6 23:26:47 CET 2017
On 11/6/2017 at 4:55 PM, "Tim Steiner" <t at crp.to> wrote:
\We have been working on a project to build a direct interface for PGP/GPG usage using U2F for web apps and browser extensions. This is similar to existing smart cards and tokens but no software install is required.
We set out to solve this problem -"Man, I really wish I could read this PGP message, or send this message, or open this file, or sign this file, but I don't have my laptop with me"
With this solution you can keep the key offline, carry it with you and it works even on a computer where you can't install software - https://www.kickstarter.com/projects/1048259057/onlykey-quantum-future-ready-encryption-for-everyo
We are interested to hear feedback on this approach from the community.
=====
Using this on anything except your own computer, or laptop, is problematic,
as the 'host' computer can have a key-logger or screen capturer, and copy the decrypted plaintext, or the plaintext to be encrypted.
Can it be made to work with Tails/Tor which uses GunPG ?
(The 'insecure' browser on Tails not involving Tor, is a Firefox variant.
If it can work on that, then booting from the Tails USB avoids a screencapturer, and using on on-screen keyboard avoids a hardware keyboard logger.
But even so, there are problems with using it on an 'unknown' computer :
https://tails.boum.org/doc/about/warning/index.en.html#index2h1
vedaal
More information about the Gnupg-users
mailing list