Safe decryption with GnuPG?

Krzysztof Żelechowski program.spe at home.pl
Wed Feb 6 16:48:17 CET 2008


On Wed, 06-02-2008 at 10:03 -0500, Steve Revilak wrote:
> > I have a file that I encrypted for myself 
> > and I want to read some information from it. 
> > The file is a text file and I need to read several lines of it.
> > 
> > The following requirements must be met:
> 
> I was going to suggest
> 
>    gpg --decrypt file.gpg | grep "interesting stuff" | banner | less >/dev/null
> 
> but I'll try to be more serious. :)

Yep, that is my current workaround, sort of, 
in a dedicated xterm.

> 
> Out of curiosity, what kind of a threat vector are you anticipating?
> By reading your list of requirements, the ones I've extracted are
> 
>   * Access to sensitive data via system memory is a threat.
> 
>   * Access to sensitive data via the file system (i.e. by examining
>     swap space) is a threat.
> 
>   * Access to sensitive data via the graphics system framebuffer is a
>     threat.
> 
>   * Access to sensitive data via visual observation (someone sees the
>     text on the screen, or takes a picture of the text on the screen)
>     is a threat.
> 

That is basically what I had in mind.

> As someone else mentioned, this brings up a lot of issues in the area
> of trusting the hardware, trusting the operating system and so forth.
> Granted, they are interesting issues, but my gut instinct tells me
> that this problem might be easier to solve with physical security.

That requires a specialised hardware device; 
I am more interested in a software solution for the time being 
because I think it is more convenient and versatile.

Of course, 
if I had to guard something really dangerous, 
like ICBM launcher codes, 
I would choose a hardware solution 
(and I would not ask the members of this mailing list).

> 
> For example, the first three threats imply that the data has to leave
> the system where it is being viewed.  Removing network access to that
> system (unplug the ethernet cable, remove any wireless/bluetooth
> hardware), would mitigate those threats, no?

Certainly, but it is not always possible temporarily, 
and it is almost always impossible once and for all.
And unplugging everything for a short time does not really help.

> 
> As for threat #4, if you're viewing the data in a small, bare-walled,
> locked room, you'd be able to tell (a) whether someone else was in the
> room looking over your shoulder or (b) whether there was a camera
> being pointed at your screen.

I did not intend to address this problem at all.

> 
> And if you don't trust the isolated computer in the small locked room,
> you could even go as far as removing its hard drive -- you'd walk in
> with a bootable CD that contained your encrypted file, boot up, read
> what you needed, then halt.

Good point, it can even be a Free DOS floppy disk 
with a RAM disk driver.  
I have not thought of that.

Thanks,
Chris



