On Thu, Jan 22, 2015 at 6:00 PM, Felix E. Klee <felix.k...@inka.de> wrote: > I currently use GnuPG with an OpenPGP Card V2.0 in a smart card reader > with PIN pad. Surely, that adds a certain layer of security, as all > encryption and signing operations happen on the card. However, there > is one attack which I think could be easily prevented: With the card > in the reader, the PIN entered, and Eve having remote access to my > machine, she could sign and decrypt documents.
You can always enable the "forcesig" option, which requires that the PIN be entered for every signature operation (you can enable by inserting the card and then running'gpg --card-edit', then entering 'toggle', 'admin', 'forcesig'). I'm not aware of any similar option in regards to decryption. -- Pete Stephenson _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users