If you are using something like Tails you would probably just install the GPG
agent. Tails allows installing additional software -
https://tails.boum.org/doc/advanced_topics/additional_software/index.en.html.
U2F is available in the new version of Firefox being released later this year
so if that is included in future Tails release then there would be in-browser
support in Tails.
The risk mentioned with a key-logger/screen capture is the same for all smart
cards/tokens, and really all methods of composing a message on a computer. The
risk would even apply to Tails if say the user installed malicious software or
browsed to a site that exploited a browser vulnerability.
On Monday, November 6, 2017, 5:26:51 PM EST, <ved...@nym.hush.com> wrote:
On 11/6/2017 at 4:55 PM, "Tim Steiner" <t...@crp.to> wrote:
\We have been working on a project to build a direct interface for PGP/GPG
usage using U2F for web apps and browser extensions. This is similar to
existing smart cards and tokens but no software install is required.
We set out to solve this problem -"Man, I really wish I could read this PGP
message, or send this message, or open this file, or sign this file, but I
don't have my laptop with me"
With this solution you can keep the key offline, carry it with you and it works
even on a computer where you can't install software -
https://www.kickstarter.com/projects/1048259057/onlykey-quantum-future-ready-encryption-for-everyo
We are interested to hear feedback on this approach from the community.
=====
Using this on anything except your own computer, or laptop, is problematic,
as the 'host' computer can have a key-logger or screen capturer, and copy the
decrypted plaintext, or the plaintext to be encrypted.
Can it be made to work with Tails/Tor which uses GunPG ?
(The 'insecure' browser on Tails not involving Tor, is a Firefox variant.
If it can work on that, then booting from the Tails USB avoids a
screencapturer, and using on on-screen keyboard avoids a hardware keyboard
logger.
But even so, there are problems with using it on an 'unknown' computer :
https://tails.boum.org/doc/about/warning/index.en.html#index2h1
vedaal
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
