[Cryptography] Compact smartcard reader with pin entry?

CANNON NATHANIEL CIOTA cannon at cannon-ciota.info
Mon Feb 22 02:43:00 EST 2016


On 2016-02-21 09:42, Joshua Marpet wrote:
> There was an interesting discussion on the topic of pinpads and
> readers.  http://www.gossamer-threads.com/lists/gnupg/users/64636
> 
> On Sun, Feb 21, 2016 at 6:13 AM, CANNON NATHANIEL CIOTA
> <cannon at cannon-ciota.info> wrote:
> 
>> I have a securely generated and stored PGP key on a smartcard. I
>> wish to use my smartcard for email signing & decryption. Problem is
>> that I am unable to do this since my current CAC reader does not
>> have a built in pin entry. No point in smartcards if a keylogger can
>> just simply harvest the pin then make use of the smartcard for
>> signing/decryption whenever it is plugged in. This is a very real
>> possibility. In fact there is a case where malware has done this in
>> the past on DoD systems.
>> 
>> All the smartcard readers I have seen are unnecessarily massively
>> bulky the size of a brick or untrusted hardware. What are
>> recommendations for a compact CAC reader with built in pin entry
>> from a trusted brand that works with GnuPG smartcards?
>> 
>> --
>> Cannon N. Ciota
>> Digital Identity (namecoin): id/cannon
>> Website: www.cannon-ciota.info [1]
>> Email: cannon at cannon-ciota.info
>> PGP Fingerprint: E7FB 0605 1BD4 8B88 B7BC 91A4 7DF7 76C7 25A6 AEE2
>> _______________________________________________
>> The cryptography mailing list
>> cryptography at metzdowd.com
>> http://www.metzdowd.com/mailman/listinfo/cryptography


Thank you for the link. Some of the people in that post at that link are 
saying a pin reader is not needed, that protection of the pin is not 
important. I disagree though for the reason of my threat model. My 
current threat model is if a keylogger logs the pin, then the physical 
smartcard gets stolen at a later time, then anyone could decrypt files 
intended for me, access SSH servers, and impersonate me, assuming I am 
prevented from accessing my revocation certificate. Smartcards offer key 
protection, pin entry readers offer pin protection. Pin protection is 
just as important if physical security is needed also. I like the ACR83 
smartcard reader but I do not know if it works with GnuPG or if it is 
from a trusted manufacturer.

-- 
Cannon N. Ciota
Digital Identity (namecoin): id/cannon
Website: www.cannon-ciota.info
Email: cannon at cannon-ciota.info
PGP Fingerprint: E7FB 0605 1BD4 8B88 B7BC 91A4 7DF7 76C7 25A6 AEE2

