Questions about GPGME / GnuPG library

David Pick D.M.Pick at
Thu Dec 7 14:58:53 CET 2000

> > So you didn't understand for what nonswapable memory is good for.
> No, not really. If you can access the swap from remote, then you are
> root, and therefore fully capable of replacing either the gnupg binary
> itself, or reading the real memory on the machine - swap or not. If
> you are not root, have access to the hardware, and are capable of
> useing a screwdriver, you can remove the disk, replace the gnupg
> binary and replace the disk with a trojan gnupg. Is there something
> secret that I missed?

Something you've missed: but not very secret. Scenario:
 1) computer running normally, perfectly safely.
 2) someone gains physical access and either steals it or serves
    you with a warrent.
 3) they take the machine away for forensic analysis
    *without altering the hard disc at all* and never return it
 4) they recover either a decrypted secret key, or your passphrase
    from the swap space
 5) they read all the material you thought you had kept secret
 6) even worse: they are also in a position to forge your signature

>                       I think I understood that you're afraid that
> someone could read something that was swapped to disk, right?


>                                                               Sure,
> you could crypt the swap, but really... I'd rather use a isolated
> machine physically locked up, without network of any kind and a
> grounded Farraday cage around it all to do my crypting then.

Still vilnerable to the sort of attack I've described. You *know*
it's happening (if it does happen) but you can't do anything
about it.

	David Pick

More information about the Gnupg-devel mailing list