Safe decryption with GnuPG?

David Picón Álvarez david at
Tue Feb 5 18:29:16 CET 2008

Sorry, but what you're asking for is impossible.

> The decrypted information must not make it to any persistent medium
> (I understand gpg '-d' already guarantees it
> as long as it manages the decrypted text,
> but what happens after it leaves gpg?)

That's the business of the viewer.

> In particular, it should be converted to a human-viewable bitmap
> and the computer-readable representation must be immediately erased.

This doesn't buy you much, especially since there's OCR and the computer 
generated bitmap is likely to be very regular.

> 3. Only the information I need should be displayed.

How does the viewer know which information you need?

> The bitmap must not be updated automatically
> (the containing window must not display it
> when it is in the background, whatever it means).
> (It would be best to forget the bitmap altogether
> and regenerate it upon request,
> but it seems to be a hard thing to do
> because the gpg output stream is not scrollable backwards).

Updated automatically? Not sure I see what you mean here.

> The bitmap itself should not make it to any persistent medium
> and it should be scrambled, if possible, in the volatile memory.

Scrambling isn't of much use. If someone can read your memory they can read 
the key, which must lie somewhere in memory as well.

> It should not be possible
> to make a snapshot of the graphic in the window
> with any programmatic means
> (you can of course make a picture of the screen with a camera).

This is impossible, unless you have: 1) trusted hardware, DRM style, or 2) a 
specifically built OS to ensure it.

> The application should be as lightweight as possible
> (for source code audit).

Good luck, you're proposing an application that would have to take full 
control of video RAM to ensure noone can read it, that would have to do all 
sorts of graphical manipulation to generate a bitmap from a text, etc.


More information about the Gnupg-users mailing list