At 18.28 +0200 0-05-22, Bertrand(_dot_)Ibrahim(_at_)cui(_dot_)unige(_dot_)ch
wrote:
I would hope that any software I use, that is able to put
my digital signature on some data, would ask me for my
pass-phrase every time my private key is used. I would
even hope that such software wouldn't be able to use my
private key without the pass-phrase, otherwise anybody
with access to my computer could easily forge my signature.
It is not easy to design encryption software which cannot
be corrupted by viruses. A virus could catch your passphrase,
and then use it itself for nefarious purposes. That is why
many people want to use smart cards. But I am not sure they
are secure. A virus could catch the communication to and
from your smart card. And developers of smart cards seem
to want to put so much functionality in the card itself,
that it becomes open to viruses in itself.
--
Jacob Palme <jpalme(_at_)dsv(_dot_)su(_dot_)se> (Stockholm University and KTH)
for more info see URL: http://www.dsv.su.se/jpalme/