plausibly deniable

vedaal at nym.hush.com vedaal at nym.hush.com
Fri Jul 23 15:51:38 CEST 2010 

>Message: 4
>Date: Thu, 22 Jul 2010 21:19:50 +0100
>From: Andre Amorim <andre at amorim.me>
>To: GnuPG Users <gnupg-users at gnupg.org>

>Do we have a "plausibly deniable" option ?

GnuPG can be used for plausible deniability both for encrypting and 
for signing:

[1] hiding the identity of the encryption:

The 'throw-keyids' option hides which keys the message is encrypted 
to

(beware of this option, as it is useful only under  very limited 
circumstances,
i.e.  posting anonymously in a newsgroup like alt.test, and where 
your threat model doesn't include government agencies or organized 
crime, so you can communicate by encryption but without using e-
mail

The reason to *not* use this option, is that it can be used by 
government to get access to all your keys and passwords!

The government can claim, that in order to prove that you did not 
encrypt this, it must try all the keys in your possession, and in 
order to make sure that you didn't intentionally enter the 'wrong' 
password, it needs to enter the correct one.
(The prosecutor may graciously allow you to change your passwords 
to temporary ones for this purpose, but if they can copy the key, 
then it won't really help you  ;-) ).

In fact, if one wanted to think 'really paranoid', then in a 
country where there is a law where people must surrender an 
encryption key upon demand to decrypt a message, then what prevents 
an intelligence agency from 'planting' a throw-keyid encrypted 
message on your computer by simply e-mailing it to you from an 
anonymous e-mail account?  The message can be done with keys that 
only the intelligence agency has, and since you really didn't 
encrypt the message, you can't give up the session key, and now the 
government wants *all* your keys and passwords to prove you didn't 
encrypt the message.

(Actually, you might try a defense that forcing you to try to 
decrypt a throw-keyid message using all the keys in your possession 
is already a violation of 'cruel and unusual punishment'  ;-) )


[2] hiding the identity of the signer:

(a) generate a new keypair and give it to a person you want to have 
'plausible deniability' with
(b) a signed message shown to anyone else, only means that 'one' of 
you signed it. Both of you know which one 'really' signed it,
but neither can prove it.


vedaal

More information about the Gnupg-users mailing list