Jacob Bachmeyer <jcb62...@gmail.com> writes: > The problem here is that, while the key never leaves the smartcard, > the /entire/ device that accesses the smartcard must be trusted, as a > backdoor on the device could steal plaintext or submit extra items for > signing. A PIN does not solve the problem, since the PIN is entered > on the device, which could be backdoored to store the PIN and submit > it along with Mallory's messages for the smartcard to sign---and the > card will sign it, since the PIN checks out... > > Smartcards make silently duplicating the key difficult (supposedly > infeasible) but do not solve the general problems with > network-connected devices.
If you don't trust pinentry, maybe you should also not trust gnupg. They are from the same project (gnupg.org). I believe is best for you not to use gnupg and pinentry, until you review it. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users