On Fri, 3 Dec 2010 13:21, mailinglis...@hauke-laging.de said: > A first improvement would be to show the hash to be signed. Of course, you
That does not help. Even if you would be able to compare it with the hash displayed on the host box, you gain nothing: Any malware which foist you a different file for signing won't have a problem to display you the same hash value on the host and and the pinpad. The whole problem of a secure signing device is a problem of the data formats you want to sign. With any of todays en vogue data formats, you need a lot of code on your secure signing device (e.g. a pinpad) to render it for display. This increases the complexity to a level where it will be possible to exploit bugs in those OpenOffice or PDF viewers. In addition those formats have other intrinsic problems which make them a bad choice to be signed in a secure way. What might work are JPEGs - but who wants to sign a JPEG file and have recipients work with an image of your text? Plain text may work, though. For a long text it won't work either, because nobody is going to proofread a text on some small display before signing it. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
