At Thu, 01 Jun 2006 10:28:57 -0400, "Jonathan S. Shapiro" <[EMAIL PROTECTED]> wrote: > > On Thu, 2006-06-01 at 12:40 +0200, Marcus Brinkmann wrote: > > > For that reason I have some of my encryption keys on a smart card, on > > which they were generated (the OpenPGP smart card). Smart cards give > > me the advantages of opaque storage that I care about, while reducing > > the risks that I see in it to a bare minimum. > > Fascinating. Even *Marcus* has a use case for storage that is opaque to > the controlling user...
Not in principle. The description of the off-card backup, which I consider the better procedure, should have made it clear. If there were a simple, cheap mechanism that would ensure that only the owner could read out the data on the smart card, I would go for it. However, it is fairly easy to see that with todays smart card designs that such a procedure does not exist. There is a passphrase and an admin passphrase, but they are not strong enough. If they are made strong enough, one can just save the actual key data instead of the passphrase just as well, which is what I suggested. If you were to give me a smartcard with a (probably signed) key on it that I am not allowed to read out or to change, I would not consider myself the "controlling user" or owner, in my terminology, in the same sense that a passport belongs to the government, and not to the holder. Thanks, Marcus _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
