On Tue, May 10, 2011 at 06:18, Daniel Kahn Gillmor <d...@fifthhorseman.net>wrote:
> On 05/10/2011 12:01 AM, Jerome Baum wrote: > > c) Program the smart-card so it doesn't sign sub-keys? I'm not familiar > with > > the internals of smart-card implementations but the OpenPGP sub-key > > signatures are of a different type than the data signatures. The > smart-card > > can probably recognize if it's inadvertently signing a sub-key. > > I doubt it -- the bytestring signed during OpenPGP key+userid > certifications has a different prefix than the bytestring signed during > a data signature. > > But i think the data signed by a hardware implementation is a digest of > the bytestring, not the bytestring itself. I don't think a smartcard > would be able to tell the prefix of the underlying bytestring from the > digest it receives as a signature request. Is that an implementation problem? i.e. is it possible to write an implementation that does distinguish, or is it technically impossible w/out processing the entire data on-card? -- Jerome Baum tel +49-1578-8434336 email jer...@jeromebaum.com -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
