Why trust gpg4win?
takethebus at gmx.de
Mon Sep 9 22:52:48 CEST 2013
>> 24.08.2013 23:14, Jan (takethebus at gmx.de) worte:
>> It seems quite easy to advice people to have an offline windows PC
>> with gpg4win on it and all their private stuff and a windows(?)
>> online PC next to it. They could transfer encrypted messages with an
>> USB stick from one PC to the other. I think this is a vector for an
>> attacker, but how serious is this problem?
>25.08.2013 06:04, Robert J. Hansen wrote:
>Very serious. USB tokens are great tools for propagating malware.
>Compromise the box that's connected to the net, and as soon as someone
>plugs a flash drive into it, compromise the flash drive. Bring it over
>to the new computer, plug in there, and bang, you've spanned the air
>gap. This is not a new attack: it's been known about for many years and
>has been demonstrated in real-world environments.
Imagine an intact offline PC without "auto play" enabled for USB drives. Now
an USB drive is plugged in with an encrypted file on it. The file is
decrypted with gnupg and turns out to be a jpg file. Let's assume it
contains maleware. Even in this case, the offline PC is not infected yet(?).
Next we would want to view the jpg picture using a secure small tool which
is so simple that it does not evoke the maleware contained in the file. If
there is such a tool the offline PC is still intact. No information or
private key could secretly be copied on an USB drive which we plug in the
offline PC. Thus no such information could be transfered to the online PC,
no matter how infected the online PC is. The point is perhaps to only view
files of simple formats on the offline PC, like(?) jpg files. Word files
seem too dangerous for me for example, since they can contain scripts. Are
my thoughts correct?
The simple file formats I'm thinking of are plain text, jpg, RTF, a simple
spread sheetformat (which?), pdf, mp3. Are there any secure tools for those
types? Jasper den Ouden (22.08.2013 20:22) asked for a "pdf tool for extra
security" in a similar context.
It also might be a good idea to have a program which checks whether the
considered file is for instance a "normal" jpg file according to the jpg
definition. If it is not we could avoid loading it in a jpg tool. Are there
such programs under linux?
>25.08.2013 10:28, Pete Stephenson wrote:
>The easiest and least-expensive solution to this situation is using
>smartcards: http://g10code.com/p-card.html -- the private key is kept
>securely on the smartcard.
My problem with smartcards is that they protect the private key but not the
sensitive data I'm keeping on my offline PC, since once in a while I need to
decrypt it in order to work with it. Nevertheless an attacker would
certainly first try to steel the private key out of the offline PC, so
smatcards are a good additional defense.
More information about the Gnupg-users