gpg in a cybercafé

flapflap flapflap at riseup.net
Thu Mar 5 23:27:36 CET 2015


Jonathan Schleifer:
> On Wed, 04 Mar 2015 14:29:47 +0300, Robert Deroy <robert.deroy at mail.ru> wrote:
> 
>> How could I use gpg on a USB key, because I have no computer, I only go to a cybercafé.
>>
>> I want to use the last version, 2.1.1, with gpa.
> 
> I would recommend to boot off a Tails USB stick, as everything else would be way too risky in a public place. Don't even think about just running the executable on some system! Tails is - as far as I know - the only system designed to still provide security in the environment of a café. It goes so far as to try to wipe the memory when you shut down.

FWIW: Tails https://tails.boum.org/

Despite Tails' aim to protect its users and their communication, you
would still put a lot of trust in other people when using it in an
internet café and Tails could not protect you.

A simple thing an attacker (evil internet café owner, previous users)
could do is to install a keylogger or another hardware implant in the
computer that you cannot see.  The attacker could then easily record
your keystrokes when you type in the passphrase to your key.  As a
countermeasure, Tails also ships with Florence [0], a virtual keyboard
that you can use to type instead of the hardware keyboard.

But even if you use the virtual keyboard, there could be a camera behind
you watching your screen (and keystrokes), or the cable from the
computer to the monitor could split the signals to a video recorder or
other implants inside the monitor.

Personally, I'd rather ask a close and trustworthy friend whether I
could use their computer instead of an internet café, library, or other
publicly accessible location where I don't know the people behind it.  But
of course, there may be situations where these are the only options.

> And here's the catch: It comes with GnuPG - but GnuPG 2.0.x AFAIK. Are you positive you absolutely need 2.1? The main reason to require 2.1 is to use ECC, I guess.

The current version (1.3) of Tails comes with GnuPG 1.4.12.

However, if you require a more/the most recent GnuPG you could
build/install it manually but it requires some additional steps:

- You can /download and verify/ the Tails ISO image [1] and then burn it
  onto a DVD [2].
- You can now boot Tails from the DVD.
- When it has booted you can plug in a USB stick (>=4GB) and use the
  small tool /Tails Installer/ [3] to copy the image from the DVD
  to the USB stick.
- Shut down, remove the DVD from the DVD drive, and boot from the USB
  stick.
- Tails offers a /persistence feature/ [4] which is an encrypted volume
  using the remaining space of the USB stick (so there is the plain
  unencrypted Tails installation and an encrypted partition).
  When you reboot from the USB stick/SD Card with enabled persistence
  feature, the welcome screen /Tails Greeter/ lets you enter the
  passphrase to unlock the persistent volume.  _Unfortunately, it is
  not possible to enter the passphrase using Florence here_!
- In your home directory, there's now a directory "Persistent" that is
  stored in the encrypted volume and the data you put there stay there
  even when you reboot Tails (but not on outside directories).

As next steps you would install tools needed to build GnuPG, download
and verify the GnuPG sources, and build your GnuPG.

- In /Tails Greeter/ you can set a root password, so you can
    `sudo apt-get install gcc binutils'
  and all the other build tools and libraries afterwards.
  You can even install these additional software packages [5] on every
  session (though it is an experimental feature and not presented in
  the assistants).
- Then you can download the GnuPG sources to your ~/Persistent
  directory, verify the signature, and build GnuPG.


If you have further questions regarding Tails, you can read the
documentation [6] (there's a lot of it!) or write an email to their
mailing lists
  tails-support-private at boum.org [7] (private/non-public)
  tails-support at boum.org [7] (public)

HTH,
~flapflap

[0]
https://tails.boum.org/doc/encryption_and_privacy/virtual_keyboard/index.en.html
[1] https://tails.boum.org/download/index.en.html
[2] https://tails.boum.org/doc/first_steps/dvd/index.en.html
[3] https://tails.boum.org/doc/first_steps/installation/index.en.html
[4] https://tails.boum.org/doc/first_steps/persistence/index.en.html
[5]
https://tails.boum.org/doc/first_steps/persistence/configure/index.en.html#index14h2
[6] https://tails.boum.org/doc/index.en.html
[7] https://tails.boum.org/support/index.en.html
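
The last step of the mail above (download the GnuPG sources, verify the signature, build), written as shell functions; this is an added example and not part of the original mail. It pins the check to one key fingerprint instead of accepting a good signature from any key in the keyring. The function names, file names and fingerprint are assumptions: the fingerprint is a placeholder to be obtained through a trusted channel, and the signing key is assumed to be imported already.

```shell
#!/bin/sh
# Added example (not from the original mail): unpack GnuPG sources only after
# the detached signature verifies against a pinned key fingerprint.

# Reads `gpg --status-fd` lines on stdin. Succeeds only if a VALIDSIG line
# names the expected fingerprint, either as the signing key (field 3) or as
# the primary key (last field), and no failure status was reported.
validsig_matches() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$want" ] || return 2
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        $2 ~ /^(BADSIG|ERRSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        END { exit !(ok && !bad) }'
}

# verify_tarball TARBALL SIGFILE FINGERPRINT
# The signing key must already be in the keyring. Status lines go to stdout;
# gpg's human-readable messages on stderr are discarded.
verify_tarball() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        validsig_matches "$3"
}

# unpack_if_verified TARBALL SIGFILE FINGERPRINT DESTDIR
unpack_if_verified() {
    if verify_tarball "$1" "$2" "$3"; then
        mkdir -p "$4" && tar -xjf "$1" -C "$4"
    else
        echo "signature check failed, not unpacking $1" >&2
        return 1
    fi
}

# Usage inside Tails (file names and fingerprint are placeholders):
#   unpack_if_verified ~/Persistent/gnupg-2.1.1.tar.bz2 \
#       ~/Persistent/gnupg-2.1.1.tar.bz2.sig \
#       "<FINGERPRINT-OBTAINED-OUT-OF-BAND>" ~/Persistent/build
#   then run ./configure && make in the unpacked directory.
```

Matching on the VALIDSIG status line rather than gpg's exit code means a signature from some other key that happens to be in the keyring does not pass.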

