2010/4/21 Andreas Jellinghaus <a...@dungeon.inka.de>:
> well, if the token is a smart phone, it can display the pdf and show
> it to me, before I agree to sign it. that's my whole point: smart
> cards/ usb crypto tokens, even with pinpad readers, have this problem
> of not being able to display a pdf before I sign it. a simple nice
> personal, trusted device with a real screen and input system and
> security system built in could do that on the other hand.
> wait! I already have something like that, my mobile phone ...

A PDF document is not static but dynamic. The same document can be displayed differently depending on external input (time for example). So you may sign a PDF document displaying 100€ on your phone but the bank will see the same document displaying 10,000€.

A PDF document is NOT static as an image.

See a presentation at a security conference [1]. The article and presentation are in French, sorry. The paper was previously presented at an English conference [2] but I can't find the English article online.

Bye

[1] http://www.sstic.org/2009/presentation/Les_origamis_malicieux_en_PDF_contre_attaquent/
[2] http://pacsec.jp/pastevents.html

--
Dr. Ludovic Rousseau
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
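
A pre-signing check that follows from the point made in the reply above, as an added example that is not part of the original message or of OpenSC: it scans the raw bytes of a PDF for name tokens that let a viewer render the same file differently from one viewing to the next. The list of names and the sample byte strings are assumptions constructed for illustration; a byte scan cannot see inside compressed object streams, so those are flagged as well.

```python
import re

# PDF name tokens checked before signing (chosen for this example, not exhaustive).
FLAGGED = {
    b"JavaScript": "script action",
    b"JS": "script source",
    b"OpenAction": "action run when the document opens",
    b"AA": "additional actions fired on events",
    b"Launch": "launches an external program",
    b"XFA": "XFA form, laid out by a form engine at view time",
    b"OCProperties": "optional content (layers) toggled by the viewer",
    b"ObjStm": "compressed object stream, contents hidden from a byte scan",
}

# A name is "/" followed by regular characters; "#xx" is a hex-escaped byte,
# so "/J#61vaScript" and "/JavaScript" are the same name and must compare equal.
NAME_RE = re.compile(rb"/((?:#[0-9A-Fa-f]{2}|[^\x00\t\n\f\r ()<>\[\]{}/%#])+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw):
    """Undo #xx escapes so obfuscated spellings match the plain name."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def find_dynamic_features(pdf_bytes):
    """Return the sorted flagged names that occur anywhere in the file."""
    found = {decode_name(m.group(1)) for m in NAME_RE.finditer(pdf_bytes)}
    return sorted(n.decode("ascii") for n in found if n in FLAGGED)


def safe_to_sign(pdf_bytes):
    """Conservative policy: refuse if any flagged name is present."""
    return not find_dynamic_features(pdf_bytes)


# Constructed fragments, not complete PDF files.
STATIC = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
DYNAMIC = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\n"
           b"endobj\n3 0 obj\n<< /S /J#61vaScript /JS (var d = new Date\\(\\);) >>\nendobj\n")
OPAQUE = b"%PDF-1.5\n4 0 obj\n<< /Type /ObjStm /N 2 /First 10 /Length 40 >>\nendobj\n"

if __name__ == "__main__":
    for label, data in (("static", STATIC), ("dynamic", DYNAMIC), ("opaque", OPAQUE)):
        hits = find_dynamic_features(data)
        print(label, "OK to sign" if not hits else [(h, FLAGGED[h.encode()]) for h in hits])
```

A clean result only means none of the listed names appear in the bytes scanned; it does not prove the document renders identically in every viewer.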