Safe decryption with GnuPG?

Anders Breindahl skrewz at
Tue Feb 12 11:59:02 CET 2008


On 200802010958, Krzysztof Żelechowski wrote:
> 1. The decrypted information must not make it to any persistent medium 

Use full-disk encryption, as has been stated before. That way, you can
be confident that nothing leaks into unencrypted places, since such do
not exist in the running system.

> 2. The decrypted text must not be stored in volatile memory any longer
> than it is needed.  In particular, it should be converted to a
> human-viewable bitmap and the computer-readable representation must be
> immediately erased.

That I can't understand your motivation for. I suppose you're afraid
that once compromised, your adversary can't search through memory for
certain strings.

But he could still be monitoring your actions, and copy whatever data
you construct in RAM---including the adversary-readable bitmap.

As Robert stated, many of your other requirements are void, if your
adversary gains control of your machine.

> 8.  The application should be as lightweight as possible (for source
> code audit).

Right, agreed.

> Can you direct me to some implementation meeting these requirements?

I wrote a such script once, that satisfies much of (the serious amongst)
your requirements. Email me personally, if you're interested.

Other than that you may want to look at this vim plugin, which is along
the lines of what you seek:

But I still hold that your requirements for protecting against a
system-controlling adversary are silly! :)

Regards, skrewz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: Digital signature
URL: </pipermail/attachments/20080212/66c841a8/attachment.pgp>

More information about the Gnupg-users mailing list