Safe decryption with GnuPG?
program.spe at home.pl
Wed Feb 6 16:48:17 CET 2008
Dnia 06-02-2008, Śr o godzinie 10:03 -0500, Steve Revilak pisze:
> > I have a file that I encrypted for myself
> > and I want to read some information from it.
> > The file is a text file and I need to read several lines of it.
> > The following requirements must be met:
> I was going to suggest
> gpg --decrypt file.gpg | grep "interesting stuff" | banner | less >/dev/null
> but I'll try to be more serious. :)
Yep, that is my current workaround, sort of,
in a dedicated xterm.
> Out of curiosity, what kind of a threat vector are you anticipating?
> By reading your list of requirements, the ones I've extracted are
> * Access to sensitive data via system memory is a threat.
> * Access to sensitive data via the file system (i.e. by examining
> swap space) is a threat.
> * Access to sensitive data via the graphics system framebuffer is a
> * Access to sensitive data via visual observation (someone sees the
> text on the screen, or takes a picture of the text on the screen)
> is a threat.
That is basically what I had in mind.
> As someone else mentioned, this brings up a lot of issues in the area
> of trusting the hardware, trusting the operating system and so fourth.
> Granted, they are interesting issues, but my gut instinct tells me
> that this problem might be easier to solve with physical security.
That requires a specialised hardware device;
I am more interested in a software solution for the time being
because I think it is more convenient and versatile.
if I would have to guard something really dangerous,
like ICBM launcher codes,
I would choose a hardware solution
(and I would not ask the members of this mailing list).
> For example, the first three threats imply that the data has to leave
> the system where it is being viewed. Removing network access to that
> system (unplug the ethernet cable, remove any wireless/bluetooth
> hardware), would mitigate those threats, no?
Certainly, but it is not always possible temporarily,
and it is almost always impossible once and for all.
And unplugging everything for a short time does not really help.
> As for threat #4, if you're viewing the data in a small, bare-walled,
> locked room, you'd be able to tell (a) whether someone else was in the
> room looking over your shoulder or (b) whether there was a camera
> being pointed at your screen.
I did not intend to address this problem at all.
> And if you don't trust the isolated computer in the small locked room,
> you could even go as far as removing its hard drive -- you'd walk in
> with a bootable CD that contained your encrypted file, boot up, read
> what you needed, then halt.
Good point, it can even be a Free DOS floppy disk
with a RAM disk driver.
I have not thought of that.
More information about the Gnupg-users