vedaal at nym.hush.com
vedaal at nym.hush.com
Fri Jul 23 15:51:38 CEST 2010
>Date: Thu, 22 Jul 2010 21:19:50 +0100
>From: Andre Amorim <andre at amorim.me>
>To: GnuPG Users <gnupg-users at gnupg.org>
>Do we have a "plausibly deniable" option ?
GnuPG can be used for plausible deniability both for encrypting and
 hiding the identity of the encryption:
The 'throw-keyids' option hides which keys the message is encrypted
(beware of this option, as it is useful only under very limited
i.e. posting anonymously in a newsgroup like alt.test, and where
your threat model doesn't include government agencies or organized
crime, so you can communicate by encryption but without using e-
The reason to *not* use this option, is that it can be used by
government to get access to all your keys and passwords!
The government can claim, that in order to prove that you did not
encrypt this, it must try all the keys in your possession, and in
order to make sure that you didn't intentionally enter the 'wrong'
password, it needs to enter the correct one.
(The prosecutor may graciously allow you to change your passwords
to temporary ones for this purpose, but if they can copy the key,
then it won't really help you ;-) ).
In fact, if one wanted to think 'really paranoid', then in a
country where there is a law where people must surrender an
encryption key upon demand to decrypt a message, then what prevents
an intelligence agency from 'planting' a throw-keyid encrypted
message on your computer by simply e-mailing it to you from an
anonymous e-mail account? The message can be done with keys that
only the intelligence agency has, and since you really didn't
encrypt the message, you can't give up the session key, and now the
government wants *all* your keys and passwords to prove you didn't
encrypt the message.
(Actually, you might try a defense that forcing you to try to
decrypt a throw-keyid message using all the keys in your possession
is already a violation of 'cruel and unusual punishment' ;-) )
 hiding the identity of the signer:
(a) generate a new keypair and give it to a person you want to have
'plausible deniability' with
(b) a signed message shown to anyone else, only means that 'one' of
you signed it. Both of you know which one 'really' signed it,
but neither can prove it.
More information about the Gnupg-users