Safe decryption with GnuPG?
pg at futureware.at
Wed Feb 6 02:22:09 CET 2008
> The decrypted information must not make it to any persistent medium
> (I understand gpg '-d' already guarantees it
> as long as it manages the decrypted text,
> but what happens after it leaves gpg?)
Use a full-disc encryption system for all your persistent media.
> The decrypted text must not be stored in volatile memory
> any longer than it is needed.
You can use TaintedBochs or TaintedQemu to investigate that.
> In particular, it should be converted to a human-viewable bitmap
> and the computer-readable representation must be immediately erased.
Doesn´t help much to try that, I would say. But feel free to try ...
> 3. Only the information I need should be displayed.
You need a Do-What-I-Mean system for that.
> The bitmap must not be updated automatically
> (the containing window must not display it
> when it is in the background, whatever it means).
> (It would be best to forget the bitmap altogether
> and regenerate it upon request,
> but it seems to be a hard thing to do
> because the gpg output stream is not scrollable backwards).
Use Overlay mode to display it.
> The bitmap itself should not make it to any persistent medium
> and it should be scrambled, if possible, in the volatile memory.
Implement the viewer in the graphic card, with the CUDA SDK or something
> It should not be possible
> to make a snapshot of the graphic in the window
> with any programmatic means
> (you can of course make a picture of the screen with a camera).
Overlay mode does that.
> If more information is requested,
> it should be displayed in small chunks.
> The program should be fully unaware
> of the content of the chunks that are not being displayed.
> (That probably means a garbage-collected language cannot be used).
I don´t understand why you need that.
I would suggest that you seperate the small chunks into seperated encrypted
files, to ensure that the reader only gets those chunks that you actually
> The application should be as lightweight as possible
> (for source code audit).
> Can you direct me to some implementation meeting these requirements?
I think your specification isn´t complete yet. You forgot about half of the
I guess that:
* You want a machine that seperates code from data (to be secure against
trojans, virii and other malware)
* You want secure documents, that can´t change dynamically, or otherwise
contain invisible contents
* You want a secure path to the user
(and some more requirements that I forgot at the moment)
What´s your budget for this small project?
More information about the Gnupg-users