trampCrypt family of CLI programs

Robert J. Hansen rjh at sixdemonbag.org
Wed Aug 1 21:22:09 CEST 2012


On 8/1/2012 5:37 AM, peter.segment at wronghead.com wrote:
> Alice doesn't understand what a certificate is and hasn't got the 
> time necessary to do so.

Pardon me for being blunt: she's boned.

> The hypothetical benefit of secure communication with the "general 
> public", i.e., non-members of the group is not considered here.
> There is no benefit of key file internal structure conformance to
> pgp/gpg or end-user algorithm choice.

I've read this a few times and I don't understand the point you're
trying to make, I'm sorry.

> members of this group. Yet somehow, malware is not considered a 
> problem worth addressing by gpg architects and use experts - as it 
> indeed shouldn't be.

If you'll only consider 'authoritative' sources, Werner has said several
times that so-called 'portable' GnuPG installations are too prone to
malware for him to recommend using them.  (I don't recall if his
reasoning is "USB tokens are malware vectors and if you go about
plugging your token into strange computers you'll be sorry", or "any
computer that lets strangers plug in USB tokens is probably already
compromised, so don't use them or you'll be sorry."  It is quite
possibly both.)  I've heard similar remarks from other people. You may
find a brief perusal of the archives to be very illuminating.

Further, malware is a very real concern for GnuPG's architecture.  For
example, consider GPGME: rather than have a shared library that can be
hijacked by Process A (i.e., malware) to compromise Process B's
security, GPGME spawns an entirely new GnuPG invocation and uses the
process barrier to help keep malware from propagating into the core.
Malware is also one of the reasons why GnuPG supports smart cards: smart
cards are much more resistant to exploitation than is a desktop PC.

> However, it is invariably used to quickly trump any requests for a 
> "gpg-portable" variant. Why is that so?

Because it is the consensus of the community, after much deliberation
and consideration.  Some members of the community disagree and have done
some good work making portable GnuPG installations: perhaps some of them
will be in touch with you to share their knowledge.

> For instance, what is the feasibility of "scissoring out" just the 
> required functionality from the gpg code base and then wrap it into 
> three CLI programs (trampKeygen, trampEncrypt, trampDecrypt)? 
> (trampSign and trampVerify could be added if there is ever any need 
> for signing identified by this - or some other group of trampCrypt 
> family of CLI programs).

You may, of course, do this yourself; the licensing explicitly permits
it.  However, I won't do this for you because I think it's a bad idea
and you haven't persuaded me otherwise.  I imagine many of the people
who are competent to do this work are of a similar mind.


