Hello, Through an article [1] in LWN, I stumbled across a thread [2] on this list that dealt with the usefulness of smartcards for storing OpenPGP keys.
I understand that OpenPGP smartcards do not protect from a compromise of the computer system that they are used with. As Peter Lebbing puts it [3]: > You don't even have to decrypt the document they're interested in > yourself, and no external push button will save you. Just decrypt > a document twice, and the second time, the attacker can use your > smartcard for their own good while providing the session key they > logged the first time for your decryption. But then, what are threats against which smartcards *are* useful? Robert J. Hansen justifies [4] his use of a smartcard as follows: > Why don't I want to store the private key on multiple computers? > Because a good rule of thumb in a forensics lab is "store the minimum > personal data possible on your systems". But then he also mentions his 128-bit passphrase and that he would be OK to publish his (passphrase-protected) private key in a newspaper. Why then not store it on the disks of multiple computers? Because the decrypted private key could be stolen from RAM by an attacker? But then Robert also says that the computer being compromised is a game-over condition anyway. I got a smartcard to ssh from computers that I trust reasonably but where I am not (the only) root to other (more trusted) machines that I control exclusively and that hold data that I would not store on the less-trusted machines. From a fundamental point of view a smartcard does not provide any additional security here, but I have the imporession that in practice it does, because gaining access to the remote machines becomes more difficult for an attacker (without a smartcard, installing a simple keylogger is enough). This is the same kind of imperfect security we rely on in real life, for example with door locks. Would you agree with me? Thanks Christoph [1] https://lwn.net/Articles/734767/ [2] https://lists.gnupg.org/pipermail/gnupg-users/2017-April/057995.html [3] https://lists.gnupg.org/pipermail/gnupg-users/2017-April/058136.html [4] https://lists.gnupg.org/pipermail/gnupg-users/2017-April/058050.html
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
