On Fri, Sep 25, 2015 at 3:47 PM, Ludovic Rousseau < ludovic.rouss...@gmail.com> wrote:
> Hello,
>
> 2015-09-25 14:45 GMT+02:00 helpcrypto helpcrypto <helpcry...@gmail.com>:
> > But we still have the issue with the data sent from server. e.g.: server sent
> > "sign these 10 documents" to our opensource Java local application which
> > asks PKCS#11 to do it.
> > Anyone could decompile, and inject an 11th doc on the request.
>
> Some cards can be configured so that the PIN has to be presented
> before _each_ signature.
> If the user knows he has 10 documents to sign and he is asked to enter
> his PIN 11 times then he should detect a problem.

Although that could solve "partially" the problem, it's not an intended feature. Users complain about this being annoying, even if we cache the PIN and just request yes/no to confirm.

> The user should verify after each signature that the document he
> wanted to sign is correctly signed. If not then he should suspect a
> problem. Maybe another document has been signed instead, or something
> went wrong.

As stated previously, if our client application is open-source, anyone could manipulate that and show whatever they want.

> If you do not use a pinpad the PIN is available somewhere in RAM and a
> rogue software could use it.
>
> > That's what we are trying to avoid and our opinion is actually: if the
> > computer is compromised, you can't do anything.
>
> Exact. If the computer is compromised you have NO idea of what it is
> doing.

Starting to get convinced...

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto