On 04/08/17 14:39, Matthias Apitz wrote:
> But this implies that everyone with priv access on the remote host could
> abuse your secret key on your localhost, especially when a GnuPG-card is
> used and you entered the PIN to unlock the secret key. I'm wrong?

Yes, someone with root on the remote machine can do whatever they want on that machine. The solution is not to perform *any* crypto on a machine whose admins you do not trust. There's nothing that software can do to protect you from rogue sysadmins.

If you don't want the sysadmins on the remote machine to abuse your private key, then you have to download the data, perform your crypto locally and then upload the data again. Once you allow any software on the remote machine to access your local resources, the remote sysadmins can access them too.

This applies to all sorts of other things BTW, such as client drives and printers shared over RDP.

--
Andrew Gallagher