Re: USB key form-factor smart-card readers with pinpads?

2015-03-19 Thread Sam Kuper
On 13/01/2014, Peter Lebbing wrote: > On 12/01/14 00:18, Sam Kuper wrote: >> Again, perhaps I am wrong. But if I am not, then the use of OpenPGP >> cards with non-pinpad readers still makes no sense (at least, not to >> me). > > Since most readers don't filter VERIFY commands Yes, I'm getting to

Re: USB key form-factor smart-card readers with pinpads?

2014-01-13 Thread Peter Lebbing
On 12/01/14 00:18, Sam Kuper wrote: > Again, perhaps I am wrong. But if I am not, then the use of OpenPGP > cards with non-pinpad readers still makes no sense (at least, not to > me). Since most readers don't filter VERIFY commands and additionally you can't force the OpenPGP smartcard to require

Re: USB key form-factor smart-card readers with pinpads?

2014-01-12 Thread Sam Kuper
On Jan 12, 2014 3:52 AM, "MFPA" <2014-667rhzu3dc-lists-gro...@riseup.net> wrote: > Sam Kuper wrote: > > Yes, as I said, it could tamper with the message. But > > if it does that, then when a recipient attempts to > > verify the signature, gpg --verify will give the > > message, "gpg: BAD signature"

Re: USB key form-factor smart-card readers with pinpads?

2014-01-11 Thread MFPA
Hi On Saturday 11 January 2014 at 11:18:55 PM, in , Sam Kuper wrote: > Yes, as I said, it could tamper with the message. But > if it does that, then when a recipient attempts to > verify the signature, gpg --verify will give the > message, "gpg:

Re: USB key form-factor smart-card readers with pinpads?

2014-01-11 Thread Sam Kuper
On 11/01/2014, David Tomaschik wrote: > On Sat, Jan 11, 2014 at 1:05 PM, Sam Kuper wrote: >> On Jan 9, 2014 7:16 PM, "David Tomaschik" >> wrote: >> > if the machine you are using for crypto operations is compromised, you >> have lost (at least for the operations conducted while it is compromised

Re: USB key form-factor smart-card readers with pinpads?

2014-01-11 Thread David Tomaschik
On Sat, Jan 11, 2014 at 1:05 PM, Sam Kuper wrote: > On Jan 9, 2014 7:16 PM, "David Tomaschik" > wrote: > > > > if the machine you are using for crypto operations is compromised, you > have lost (at least for the operations conducted while it is compromised) > > Perhaps I'm wrong, but I don't ent

Re: USB key form-factor smart-card readers with pinpads?

2014-01-11 Thread Sam Kuper
On Jan 9, 2014 7:16 PM, "David Tomaschik" wrote: > > if the machine you are using for crypto operations is compromised, you have > lost (at least for the operations conducted while it is compromised) Perhaps I'm wrong, but I don't entirely accept this. Surely if you are signing with a key stored

Re: USB key form-factor smart-card readers with pinpads?

2014-01-11 Thread Sam Kuper
On 07/01/2014, Peter Lebbing wrote: > On 07/01/14 17:27, Werner Koch wrote: >> See the card HOWTO or try gpg --card-edit, admin, help. > > Additionally, in the OpenPGP Card 2.0.1 spec, the DO with tag C4 on page > 17, > section 7.2.2 (VERIFY) and section 7.2.8 (PSO: COMPUTE DIGITAL SIGNATURE) > al

Re: USB key form-factor smart-card readers with pinpads?

2014-01-09 Thread David Tomaschik
Ignoring the fact that if the machine you are using for crypto operations is compromised, you have lost (at least for the operations conducted while it is compromised), a smartcard without a PIN pad may compromise your PIN (and allow arbitrary operations while the smartcard is protected) but still

Re: USB key form-factor smart-card readers with pinpads?

2014-01-09 Thread Sam Kuper
On 07/01/2014, Sam Kuper wrote: > On 06/01/2014, Werner Koch wrote: The question is whether this is really helpful. Yes, it protects your PIN > > That is helpful. No question about this part! Perhaps I should be clearer about why I believe it is unquestionably helpful for OpenPGP-comp

Re: USB key form-factor smart-card readers with pinpads?

2014-01-07 Thread Peter Lebbing
On 07/01/14 17:27, Werner Koch wrote: > See the card HOWTO or try gpg --card-edit, admin, help. Additionally, in the OpenPGP Card 2.0.1 spec, the DO with tag C4 on page 17, section 7.2.2 (VERIFY) and section 7.2.8 (PSO: COMPUTE DIGITAL SIGNATURE) all specify this one-VERIFY-per-SIG behaviour. HTH

Re: USB key form-factor smart-card readers with pinpads?

2014-01-07 Thread Werner Koch
On Tue, 7 Jan 2014 16:28, sam.ku...@uclmail.net said: > "PSO:DEC" but does not define it. That document also mentions > "PSO:DECRYPT" but does not define it. And finally, that document > defines "PSO: DECIPHER". Are these three terms synonyms, or do they I guess so. > 2. I assume that your "PSO

Re: USB key form-factor smart-card readers with pinpads?

2014-01-07 Thread Sam Kuper
Dear Werner, Thank you for your kind reply. On 06/01/2014, Werner Koch wrote: >>> The question is whether this is really helpful. Yes, it protects your >>> PIN That is helpful. No question about this part! > After a successful verification of the PIN the card allows the use of > the PSO Decry

Re: USB key form-factor smart-card readers with pinpads?

2014-01-06 Thread Michel Messerschmidt
On Mon, Jan 06, 2014 at 10:34:06AM +0100, Werner Koch wrote: > an attacking malware only needs to trick you into decrypt an arbitrary > message and is then free to use the smartcard without having the reader > ask you again for a PIN. Although these are important attacks to consider, PIN entry on

Re: USB key form-factor smart-card readers with pinpads?

2014-01-06 Thread NdK
On 06/01/2014 10:34, Werner Koch wrote: > To make use of the decryption key the smartcard first requires that a > VERIFY command is sent to the card. This is what asks for the PIN. > After a successful verification of the PIN the card allows the use of > the PSO Decrypt command until a power

Re: USB key form-factor smart-card readers with pinpads?

2014-01-06 Thread Werner Koch
On Sun, 5 Jan 2014 16:18, sam.ku...@uclmail.net said: >> The question is whether this is really helpful. Yes, it protects your >> PIN but it does not protect the use of your decryption key. > > Please could you elaborate? To make use of the decryption key the smartcard first requires that a VER

Re: USB key form-factor smart-card readers with pinpads?

2014-01-05 Thread Sam Kuper
On Jan 5, 2014 1:18 PM, "Werner Koch" wrote: > On Sun, 5 Jan 2014 05:02, sam.ku...@uclmail.net said: > Take care: The Omnikey does not work with free software and 2048 bit > or larger keys. Better get a Gemalto or Identive (SCM) reader. Thanks for the warning :) > > In group 2 above, the small

Re: USB key form-factor smart-card readers with pinpads?

2014-01-05 Thread Werner Koch
On Sun, 5 Jan 2014 05:02, sam.ku...@uclmail.net said: > conventional USB stick-sized readers (e.g. Omnikey 6121) + ID-000 Take care: The Omnikey does not work with free software and 2048 bit or larger keys. Better get a Gemalto or Identive (SCM) reader. > In group 2 above, the smallest reader

USB key form-factor smart-card readers with pinpads?

2014-01-04 Thread Sam Kuper
Dear GnuPG users, I am new to this list, so please be gentle. At some point in the coming months, I may try to obtain an OpenPGP smart card and reader. At the moment, such combinations, whether separable or combined into a single device, seem to be available in two form factors, neither of which

Re: USB key form-factor smart-card readers with pinpads?

2014-01-04 Thread Sam Kuper
On 05/01/2014, Sam Kuper wrote: > In group 2 above, the smallest reader I have found online which offers > secure PIN entry is the ACR83. Hm, I've now found several mailing list and forum discussions, etc, that indicate the ACR83 is not compatible with OpenPGP cards. That's a pity, as its stated