[Gnuk-users] Ed25519 for signing broken?
Jonathan Schleifer
js-gnuk-users at webkeks.org
Wed Feb 11 21:04:36 UTC 2015
Am 10.02.2015 um 02:07 schrieb NIIBE Yutaka <gniibe at fsij.org>:
> OpenPGPcard has this signature counter, so that user can check how
> many signatures have been computed by the card. When a host PC is
> compromised and some signature was computed by malicious attack, user
> still could detect the attack, that's a hope. Well, malicious attack
> could also modify the output of 'gpg --card-status' before user can
> see it, though.
Yes, which is why I was worried that it wasn't working. It would have meant that someone could create signatures without me knowing.
In any case, what I'd really *love* to see in a future hardware revision would be to have a button that you have to press to generate the signature. So, enter PIN and then press button. Similar to how the Yubico does it.
--
Jonathan
More information about the gnuk-users
mailing list