On 09.02.20 at 19:14, [email protected] wrote:
> On 09.02.20 at 18:52, Louis ProtonMail wrote:
>> I might not be understanding things well, but how is one supposed to
>> access the plaintext saved passwords without having the keys used to
>> encrypt them and the password to those keys? Where do you keep your GPG
>> keys so that you can decrypt the pass entries?
>
> I think this is exactly the issue here: you can't, unless you give up
> some security. If a malicious actor gets into the remote server, he has
> access to both the private key and the GPG-encrypted files. He would be
> only one passphrase away from your passwords.
>
> I keep my GPG private key on a smartcard. Without this smartcard
> attached to my device, I can't decrypt my passwords.
> (...)

For a long time I have wondered whether I can run a full-blown class 3 card reader with its own pinpad on an Android smartphone :-) It will soon be time to try :-)

Though I'd never run a simple card reader without a pinpad on an Android device; the fear that the PIN could get eavesdropped is too big. Smartphones are inherently insecure.

_______________________________________________
Password-Store mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/password-store
