gnupg 'signing server'? Looking for advice on key management/security

Jacob Bachmeyer jcb62281 at gmail.com
Mon Nov 13 02:46:42 CET 2023


Daniel Cerqueira via Gnupg-users wrote:
> Jeff Schmidt <jsbiff at weldingengineering.com> writes:
>
> [...]
> You may want to consider using an OpenPGP smartcard (for example, a
> Yubikey). Seems that you are a good fit.
>
> Using a OpenPGP smartcard, the private key never leaves the smartcard.
> The smartcard can also be used on a smartphone that has NFC support.
>   

The problem here is that, while the key never leaves the smartcard, the 
/entire/ device that accesses the smartcard must be trusted, as a 
backdoor on the device could steal plaintext or submit extra items for 
signing.  A PIN does not solve the problem, since the PIN is entered on 
the device, which could be backdoored to store the PIN and submit it 
along with Mallory's messages for the smartcard to sign---and the card 
will sign it, since the PIN checks out...

Smartcards make silently duplicating the key difficult (supposedly 
infeasible) but do not solve the general problems with network-connected 
devices.


-- Jacob




More information about the Gnupg-users mailing list