On Thu 2015-01-22 12:00:44 -0500, Felix E. Klee wrote:
> I currently use GnuPG with an OpenPGP Card V2.0 in a smart card reader
> with PIN pad. Surely, that adds a certain layer of security, as all
> encryption and signing operations happen on the card. However, there
> is one attack which I think could be easily prevented: With the card
> in the reader, the PIN entered, and Eve having remote access to my
> machine, she could sign and decrypt documents.
>
> To prevent such an attack, I imagine a device where I have to confirm
> every transaction with a simple push on a hardware button.

Yes, this is certainly possible. I think some of the yubikey devices
[0] may support this feature, and it should also be possible (with a bit
of hardware hacking) to do it with the FST-01, which is the platform for
the gnuk [1].

[0] https://www.yubico.com/products/yubikey-hardware/yubikey-neo/ -- i haven't tested, though!
[1] http://www.fsij.org/category/gnuk.html

If anyone is considering adding this kind of feature to the FST-01, i'd
be happy to test and debug it with them.

        --dkg