Why trust gpg4win?

Jan takethebus at gmx.de
Mon Sep 9 22:52:48 CEST 2013


>> 24.08.2013 23:14, Jan (takethebus at gmx.de) worte:
>> It seems quite easy to advice people to have an offline windows PC
>> with gpg4win on it and all their private stuff and a windows(?)
>> online PC next to it. They could transfer encrypted messages with an
>> USB stick from one PC to the other. I think this is a vector for an
>> attacker, but how serious is this problem?

>25.08.2013 06:04, Robert J. Hansen wrote:
>Very serious.  USB tokens are great tools for propagating malware.
>Compromise the box that's connected to the net, and as soon as someone
>plugs a flash drive into it, compromise the flash drive.  Bring it over
>to the new computer, plug in there, and bang, you've spanned the air
>gap.  This is not a new attack: it's been known about for many years and
>has been demonstrated in real-world environments.

Imagine an intact offline PC without "auto play" enabled for USB drives. Now 
an USB drive is plugged in with an encrypted file on it. The file is 
decrypted with gnupg and turns out to be a jpg file. Let's assume it 
contains maleware. Even in this case, the offline PC is not infected yet(?). 
Next we would want to view the jpg picture using a secure small tool which 
is so simple that it does not evoke the maleware contained in the file. If 
there is such a tool the offline PC is still intact. No information or 
private key could secretly be copied on an USB drive which we plug in the 
offline PC. Thus no such information could be transfered to the online PC, 
no matter how infected the online PC is. The point is perhaps to only view 
files of simple formats on the offline PC, like(?) jpg files. Word files 
seem too dangerous for me for example, since they can contain scripts. Are 
my thoughts correct?

The simple file formats I'm thinking of are plain text, jpg, RTF, a simple 
spread sheetformat (which?), pdf, mp3. Are there any secure tools for those 
types? Jasper den Ouden (22.08.2013 20:22) asked for a "pdf tool for extra 
security" in a similar context.

It also might be a good idea to have a program which checks whether the 
considered file is for instance a "normal" jpg file according to the jpg 
definition. If it is not we could avoid loading it in a jpg tool. Are there 
such programs under linux?

>25.08.2013 10:28, Pete Stephenson wrote:
>The easiest and least-expensive solution to this situation is using
>smartcards: http://g10code.com/p-card.html -- the private key is kept
>securely on the smartcard.

My problem with smartcards is that they protect the private key but not the 
sensitive data I'm keeping on my offline PC, since once in a while I need to 
decrypt it in order to work with it. Nevertheless an attacker would 
certainly first try to steel the private key out of the offline PC, so 
smatcards are a good additional defense.

Best regards,
Jan







More information about the Gnupg-users mailing list