On 05/10/2011 12:01 AM, Jerome Baum wrote: > c) Program the smart-card so it doesn't sign sub-keys? I'm not familiar with > the internals of smart-card implementations but the OpenPGP sub-key > signatures are of a different type than the data signatures. The smart-card > can probably recognize if it's inadvertently signing a sub-key.
I doubt it -- the bytestring signed during OpenPGP key+userid
certifications has a different prefix than the bytestring signed during
a data signature.
But i think the data signed by a hardware implementation is a digest of
the bytestring, not the bytestring itself. I don't think a smartcard
would be able to tell the prefix of the underlying bytestring from the
digest it receives as a signature request.
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
