deniability

[vedaal at nym.hush.com]

Jerome Baum jerome at jeromebaum.com wrote on
Mon Mar 21 06:48:07 CET 2011 :

>   Configure gpg  in such a way  that when I  encrypt a file, be  
it to
    someone else or  to myself, the recipient(s) can  deny being 
able to
    decrypt the file in question.

Any adversary would question as to why the recipient continues to 
receive files undecryptable to him, and also why you are encrypting 
to additional keys, and to whom do they belong, etc.


>   An adversary should also be unable to
    derive information about the  recipient(s)


A simple way to do this using gnupg, would be something like the 
following:

[1] Don't send the file to any recipient who requires deniability.
[2] Instead of additionally encrypting the file to another key, 
additionally encrypt it symmetrically.
Gnupg allows this by simply typing:

gpg -e -c -a -r (your key) filename

[3] Use the throw-keyid option when you encrypt to your key.
[4] Post the encrypted file to a newsgroup like comp.pgp.test or 
other group that allows test postings.
[5] Your plausible reason for encrypting conventionally in addition 
to your key, is your concern that you might one day lose your 
keyring.
[7] Your plausible reason for posting it to a newsgroup, is that 
you are concerned that 'cloud' organizations might go out of 
business, and this is a simple inexpensive backup.
[8] Your plausible reason for using the throw-keyid option, is that 
since you are posting publicly, you prefer to remain anonymous.
[9] Use a *really good* passphrase (diceware 10 words, [ 7776^10 > 
2^128 ] ), and find a way to securely make it known to the 
recipient(s).
[10] Since you are using such a 'good' passphrase, it is entirely 
plausible that you could 'forget' it. ;-)

*CAVEAT*
Consider very carefully who your threat model adversary is. 
You don't want to do this with Three Letter Agencies or criminals, 
whereas it might be OK for decent university administrations.  :-)


vedaal