On 12/01/14 00:18, Sam Kuper wrote:
> Again, perhaps I am wrong. But if I am not, then the use of OpenPGP
> cards with non-pinpad readers still makes no sense (at least, not to
> me).

Since most readers don't filter VERIFY commands and additionally you can't force the OpenPGP smartcard to require a VERIFY before each decryption anyway, the pinpad really doesn't add much at all for decryption.

With regard to the PIN not being known to the attacker when using a pinpad: Werner disagrees that a pinpad can reliably accomplish that. I did a feature request about a year ago; you should read this thread: [1]. And especially Werner's answer in [2]. So according to him, it doesn't add much for signatures either.

A bugged reader firmware (certainly a possibility) would even still work in the face of a reader filtering VERIFY commands. I think most readers have upgradeable firmware. If an attacker has your PC and knows a vulnerability in the firmware upgrade method, they can just flash their own firmware in your smartcard reader. This is a really difficult to solve scenario. I do think it requires a rather capable attacker.

So at least in its current state, a pinpad doesn't add that much.

Over to the actual advantages of a smartcard. I disagree that an 8-digit PIN isn't a usability advantage over a good passphrase; it's much easier to enter.

But the one big advantage of smartcards: you know that (ignoring very capable attackers) there is only one copy of the key in existence, and that's inside your smartcard[3]. It in principle can't be copied. While the card is connected, an attacker may do as they wish, but once you regain control of your systems, your key is safe again. Doing crypto on a compromised machine is in so many ways a lost cause that this is the best it is going to get in reality: containment of the problem to the compromised machine(s).

> I would *guess* that there are additional operations that could be
> performed, without disclosing secrets (e.g. PIN; raw private key), on
> a compromised machine using a pinpad-protected reader. For instance,
> generating new keys.

This requires the admin PIN.
It's also more of a denial of service than anything else. A denial of service is trivial by doing 3 false Admin PIN attempts, locking the card.

By the way, all in all, I'm not convinced a pinpad reader with the ability to force a VERIFY for each decryption wouldn't add a substantial amount of security to the overall system, albeit not perfect. But this feature has been requested and denied. So that's where I agree with you. I disagree that a smartcard without a pinpad isn't useful.

HTH,

Peter.

[1] http://lists.gnupg.org/pipermail/gnupg-users/2013-February/046051.html
[2] http://lists.gnupg.org/pipermail/gnupg-users/2013-February/046060.html
[3] Okay, for primary and decryption keys maybe some more backups inside a safe, but hey, that's safe ;).

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
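
The message's point that the card does not require a VERIFY before each decryption can be checked from a host-side APDU log. The following Python is an added example, not part of the original message: it counts how many PSO:DECIPHER operations each PW1 verification served. The trace is constructed, and the helper names (`classify`, `audit`, `SAMPLE_TRACE`) are assumptions of this example; command bytes follow the ISO 7816-4 / OpenPGP card encoding.

```python
# Added example; the trace below is constructed, not captured from a card.
VERIFY_INS, PSO_INS = 0x20, 0x2A
PW1_OTHER = 0x82            # OpenPGP card: PW1 for non-signing operations
DECIPHER = (0x80, 0x86)     # P1/P2 of PSO:DECIPHER

def classify(apdu: bytes) -> str:
    """Label one short-form command APDU as seen on the host side."""
    if len(apdu) < 4:
        raise ValueError("APDU shorter than the 4-byte header")
    cla, ins, p1, p2 = apdu[:4]
    if ins == VERIFY_INS and p2 == PW1_OTHER:
        # VERIFY without a data field only queries the verification status.
        return "verify" if len(apdu) > 5 else "status"
    if ins == PSO_INS and (p1, p2) == DECIPHER:
        # CLA bit 0x10 marks a non-final block of a chained command.
        return "decipher-part" if cla & 0x10 else "decipher"
    return "other"

def audit(trace):
    """Count how many DECIPHER operations each PW1 verification served."""
    runs = []          # DECIPHER count per VERIFY, in order
    unverified = 0     # DECIPHERs with no VERIFY earlier in this trace
    for apdu in trace:
        kind = classify(apdu)
        if kind == "verify":
            runs.append(0)
        elif kind == "decipher":
            if runs:
                runs[-1] += 1
            else:
                unverified += 1
    return {"verifies": len(runs), "deciphers": sum(runs) + unverified,
            "max_per_verify": max(runs, default=0), "unverified": unverified}

# Constructed session: SELECT, one VERIFY, then three DECIPHERs (one chained).
SAMPLE_TRACE = [bytes.fromhex(h) for h in (
    "00A4040006D27600012401",      # SELECT the OpenPGP application
    "0020008206" + "30" * 6,       # VERIFY PW1 (placeholder PIN bytes)
    "002A808604" + "00AABBCC",     # DECIPHER
    "102A808604" + "00112233",     # first block of a chained DECIPHER
    "002A808602" + "4455",         # final block of that DECIPHER
    "00200082",                    # status query, not a new verification
    "002A808604" + "00DDEEFF",     # DECIPHER
)]

if __name__ == "__main__":
    print(audit(SAMPLE_TRACE))
```

A `max_per_verify` above 1 means one PIN entry covered several decryptions. A non-zero `unverified` count means the verification happened before the trace began or did not pass through the logged channel.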