[cryptography] Smart card with external pinpad

Werner Koch wk at gnupg.org
Sun Aug 21 08:21:07 EDT 2011

On Sat, 20 Aug 2011 22:21, simon at josefsson.org said:

> All smartcard readers with PIN entry pads that I have used has had the
> property that once you have entered the PIN, the host (which normally is
> untrusted and can have a trojan running) will be able to perform
> unlimited number of private key operations using your smartcard.

That is a property of the card and not of the reader.  For example our
OpenPGP card may be configured to require a verify operation (i.e. to
enter a PIN) right before each sign operation.  TCOS cards may be
configured in a similar way.

Of course that doesn't solve the problem that you can't see what you
sign.  If you are in the habit of signing all mails it would be easy for
malware to substitute one mail signing by a money transaction signing

> I'm surprised there aren't smartcard readers with a button to authorize
> every private key operation.  At least I haven't seen any.  It is still

To do that the reader would need to know the card application's exact
working.  This is not possible for a general purpose device.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the cryptography mailing list