Safe decryption with GnuPG?

Robert J. Hansen rjh at sixdemonbag.org
Tue Feb 5 18:36:06 CET 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Krzysztof Żelechowski wrote:
> The decrypted information must not make it to any persistent medium 

GnuPG is almost certainly the wrong tool for your job.  GnuPG has little
control over low-level operating systems details like swap files.  It is
possible for cleartext to be stored in some manner.

> (I understand gpg '-d' already guarantees it 
> as long as it manages the decrypted text,
>  but what happens after it leaves gpg?)

[many other requirements snipped]

Many of your requirements belong in the application stack alongside or
above GnuPG, but are pretty much unrelated to GnuPG.  After it leaves
GnuPG it's no longer GnuPG's problem.  Many of your requirements are
also impossible to meet.  I don't mean "impossible" as in "it would
require a lot of engineering", I mean "impossible" as in "it's like
violating the Second Law of Thermodynamics".

> Can you direct me to some implementation meeting these requirements?

There exists no such implementation.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iFYEAREIAAYFAkeonoYACgkQf2XByo0Cu7Or6ADcDcxgGCAxE2/Dp6NkFzwXBNg4
MI15KpzntdSaJADgkHHfzS/T0/3BnLSkZCVQ0OJ5OFYmxl1Nw4cypIkBHAQBAQgA
BgUCR6iehgAKCRC3APSC/q+BCS9PB/sEIUftJVfX2hYNijy+ml6IAPYhGhIl73eP
si/FvVWVP9WIYAOIz4Q68x1en+zXOncQc8cTUO8HB8hJeuWwe8Zoi/V2cB8nJ9Q1
+mwAcY7q7QuipRJhCpMG/pIS+BY6lDrDWDS1FOlWajDiZnO9Yo81PNCp85B+SC3B
d69h2f6PBJY45DWHfQR224k/hEx9C522FlyPJVN6ZIn7fHSZonb4iTUyZ7Gh5mqW
AOwBGPfyxYcAiXaBJPvOrdBV3b9kg0Gzf+rCRBDLpJsgmWssQOdGrRIXcOuW9n0C
L94jJamwjgpP4YdTuirG4IZDwdcOw5vBoqjNrLpkvK8aoPWnf2AN
=b/yU
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list