[Cryptography] Compact smartcard reader with pin entry?
CANNON NATHANIEL CIOTA
cannon at cannon-ciota.info
Mon Feb 22 02:43:00 EST 2016
On 2016-02-21 09:42, Joshua Marpet wrote:
> There was an interesting discussion on the topic of pinpads and
> readers. http://www.gossamer-threads.com/lists/gnupg/users/64636
>
> On Sun, Feb 21, 2016 at 6:13 AM, CANNON NATHANIEL CIOTA
> <cannon at cannon-ciota.info> wrote:
>
>> I have a securely generated and stored PGP key on a smartcard. I
>> wish to use my smartcard for email signing & decryption. Problem is
>> that I am unable to do this since my current CAC reader does not
>> have a built in pin entry. No point in smartcards if a keylogger can
>> just simply harvest the pin then make use of the smartcard for
>> signing/decryption whenever it is plugged in. This is a very real
>> possibility. In fact there is a case where malware has done this in
>> the past on DoD systems.
>>
>> All the smartcard readers I have seen are unnecessarily massively
>> bulky, the size of a brick, or untrusted hardware. What are
>> recommendations for a compact CAC reader with built-in pin entry
>> from a trusted brand that works with GnuPG smartcards?
>>
>> --
>> Cannon N. Ciota
>> Digital Identity (namecoin): id/cannon
>> Website: www.cannon-ciota.info
>> Email: cannon at cannon-ciota.info
>> PGP Fingerprint: E7FB 0605 1BD4 8B88 B7BC 91A4 7DF7 76C7 25A6 AEE2
>> _______________________________________________
>> The cryptography mailing list
>> cryptography at metzdowd.com
>> http://www.metzdowd.com/mailman/listinfo/cryptography

Thank you for the link. Some of the people in that post at that link are
saying a pin reader is not needed, that protection of the pin is not
important. I disagree, though, because of my threat model. My
current threat model is that if a keylogger logs the pin and the physical
smartcard then gets stolen at a later time, anyone could decrypt files
intended for me, access SSH servers, and impersonate me, assuming I am
prevented from accessing my revocation certificate. Smartcards offer key
protection; pin entry readers offer pin protection. Pin protection is
just as important if physical security is also needed. I like the ACR83
smartcard reader, but I do not know if it works with GnuPG or if it is
from a trusted manufacturer.
--
Cannon N. Ciota
Digital Identity (namecoin): id/cannon
Website: www.cannon-ciota.info
Email: cannon at cannon-ciota.info
PGP Fingerprint: E7FB 0605 1BD4 8B88 B7BC 91A4 7DF7 76C7 25A6 AEE2
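
An added example, not part of the original message: one way to check whether a reader offers on-device PIN entry is to parse the PC/SC Part 10 feature list that a reader driver returns for the GET_FEATURE_REQUEST control call. The two response byte strings below are constructed samples, and the function names are hypothetical.

```python
import struct

# Feature tags defined in PC/SC Part 10 (subset relevant to PIN entry).
FEATURES = {
    0x06: "FEATURE_VERIFY_PIN_DIRECT",   # reader collects the PIN for VERIFY
    0x07: "FEATURE_MODIFY_PIN_DIRECT",   # reader collects old/new PIN
    0x0A: "FEATURE_IFD_PIN_PROPERTIES",
    0x12: "FEATURE_GET_TLV_PROPERTIES",
}

# Constructed samples of the bytes returned by SCardControl() with
# CM_IOCTL_GET_FEATURE_REQUEST, i.e. SCARD_CTL_CODE(3400).
PINPAD_READER = bytes.fromhex("060442330006" "070442330007" "0A044233000A")
PLAIN_READER = bytes.fromhex("120442330012")


def parse_features(resp: bytes) -> dict:
    """Parse tag/length/value triples into {tag: control_code}."""
    features, i = {}, 0
    while i < len(resp):
        if len(resp) - i < 2:
            raise ValueError("truncated TLV header at offset %d" % i)
        tag, length = resp[i], resp[i + 1]
        value = resp[i + 2:i + 2 + length]
        # Part 10 fixes the value at 4 bytes: a big-endian control code.
        if length != 4 or len(value) != 4:
            raise ValueError("bad TLV length at offset %d" % i)
        features[tag] = struct.unpack(">I", value)[0]
        i += 2 + length
    return features


def pinpad_report(resp: bytes) -> dict:
    """Summarise whether the PIN can be typed on the reader itself."""
    feats = parse_features(resp)
    return {
        "verify_on_reader": 0x06 in feats,
        "modify_on_reader": 0x07 in feats,
        "named": sorted(FEATURES[t] for t in feats if t in FEATURES),
    }


if __name__ == "__main__":
    for name, resp in (("pinpad", PINPAD_READER), ("plain", PLAIN_READER)):
        print(name, pinpad_report(resp))
```

A reader that lacks tag 0x06 leaves PIN entry to the host keyboard, which is the keylogger exposure described above. The feature list says nothing about whether the reader's firmware or manufacturer can be trusted.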