A safe text editor

[Peter Lebbing]

On 09/09/12 23:29, Marco Steinacher wrote:
> Isnt't that the problem with almost any data? At some point you have to 
> decrypt it to edit or view it with some application.

> [...]

> I think demanding all allplications to be aware of this and to handle it 
> securely is quite a strong requirement, although somehow reasonable.

You are absolutely right. But a text editor should be a rather simple target,
and it would fill a lot of needs (secret memo's and such). People never seem to
ask for a secure media player or photo editor, and it would be a lot more
difficult to write properly. But since a basic text editor shouldn't be that
hard to write, I'd think that somebody already designed one that locks its pages
in memory and interfaces securely with GnuPG to read and write OpenPGP text
files in a way that leaves no trace on hard disks.

In fact, I would personally fork over 50 euros for such a "secure" text editor
written by an author I trust. Perhaps we could ask Werner Koch to implement a
basic text editor and do some sort of fundraiser? I'd trust /him/ to write a
proper piece of code :). You want someone who knows where the pitfalls are with
keeping all your data in memory and not trusting user input (buffer overflows
and such). Validating user input should be straightforward enough if you only
allow printable ASCII (and the obvious controls like line feed).

Pour in a bit of copy-paste that avoids the system clipboard unless requested by
the user, and I think you have a recipe for a pretty functional text editor for
playing 007. Or Spy Girls. Perhaps even serious business, although /apparently/
that user base is somewhere else.

(Obviously, we need to be a bit more serious and specific about requirements
before actually starting this. I want my Spy Girl suit in bright pink.)

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt