Communication with card reader encrypted?
Peter Lebbing
peter at digitalbrains.com
Sun Aug 26 11:31:13 CEST 2018
On 26/08/18 11:12, Felix E. Klee wrote:
>> I think you'll need to trust the cable anyway,
>
> Well, if the cable is soldered to the reader, then it’s much harder
> to tamper with. Swapping a replaceable cable requires much less
> effort.
I meant: even if the communication were encrypted and protected against
men in the middle, you still cannot use a compromised cable, ever, since
the compromised cable will compromise your entire phone instead of the
encrypted communication.
So avoiding the need of a separate cable altogether is indeed a
possibility if you're concerned about this. However, you'll need to
avoid cables for anything you plug into your phone, not just for your
smartcard reader. If instead you just store your charger, its cable and
your smartcard reader together, you can use that one cable for both
charging your phone and using the smartcard reader. And clearly you'll
need to protect all these parts against tampering, not just the
smartcard reader, regardless of whether your smartcard reader has a lead
or not.
> [...] logging everything, for debugging of course. ;)
Nah, for getting back that data you accidentally deleted ;-).
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180826/d7b1ca94/attachment.sig>
More information about the Gnupg-users
mailing list