Safe decryption with GnuPG?
Robert J. Hansen
rjh at sixdemonbag.org
Tue Feb 5 18:36:06 CET 2008
Krzysztof Żelechowski wrote:
> The decrypted information must not make it to any persistent medium

GnuPG is almost certainly the wrong tool for your job. GnuPG has little
control over low-level operating system details like swap files. It is
possible for cleartext to be stored in some manner.

> (I understand gpg '-d' already guarantees it
> as long as it manages the decrypted text,
> but what happens after it leaves gpg?)

[many other requirements snipped]

Many of your requirements belong in the application stack alongside or
above GnuPG, but are pretty much unrelated to GnuPG. After it leaves
GnuPG it's no longer GnuPG's problem. Many of your requirements are
also impossible to meet. I don't mean "impossible" as in "it would
require a lot of engineering", I mean "impossible" as in "it's like
violating the Second Law of Thermodynamics".

> Can you direct me to some implementation meeting these requirements?

There exists no such implementation.