Safe decryption with GnuPG?

Krzysztof Żelechowski program.spe at
Fri Feb 1 09:58:12 CET 2008

Dear friends:

I have a file that I encrypted for myself 
and I want to read some information from it.  
The file is a text file and I need to read several lines of it.

The following requirements must be met:

The decrypted information must not make it to any persistent medium 
(I understand gpg '-d' already guarantees it 
as long as it manages the decrypted text,
 but what happens after it leaves gpg?)

The decrypted text must not be stored in volatile memory 
any longer than it is needed.  
In particular, it should be converted to a human-viewable bitmap 
and the computer-readable representation must be immediately erased.

3. Only the information I need should be displayed.

The bitmap must not be updated automatically 
(the containing window must not display it 
when it is in the background, whatever it means).
(It would be best to forget the bitmap altogether 
and regenerate it upon request, 
but it seems to be a hard thing to do
because the gpg output stream is not scrollable backwards).

The bitmap itself should not make it to any persistent medium
and it should be scrambled, if possible, in the volatile memory.

It should not be possible 
to make a snapshot of the graphic in the window 
with any programmatic means 
(you can of course make a picture of the screen with a camera).

If more information is requested, 
it should be displayed in small chunks.  
The program should be fully unaware 
of the content of the chunks that are not being displayed.

(That probably means a garbage-collected language cannot be used).

The application should be as lightweight as possible 
(for source code audit).

Can you direct me to some implementation meeting these requirements?

Best regards,

More information about the Gnupg-users mailing list