Working with an Online and Offline Computer when using GnuPG - Best Practice?

Stefan Claas stefan.claas at posteo.de
Mon Oct 9 21:14:07 CEST 2017


On Mon, 9 Oct 2017 20:12:33 +0200, Peter Lebbing wrote:
> On 09/10/17 18:53, Stefan Claas wrote:
> > My idea is to use the software minimodem between the two
> > Computers, connected, when required, via audio cables.  
> 
> I think perhaps this is a little low-bandwidth for security updates
> for your OS. By the way, you could use a USB-to-serial converter and
> use a serial cable. The problem with USB is sharing the same USB
> device between multiple computers. If you always use the same
> converter in the same computer, it's not an infection vector. But
> this is still very low bandwidth. Many USB-to-serial converters can
> go to 0.5 Mbit/s. I think the max I've seen is 2 Mbit/s. So it's not
> as low as the ol' 115k2 anymore.
> 
> I haven't read about SD cards being infection vectors, and they have
> many gigabytes. Enough for, for example, a mirror of the
> debian-security archive for your architecture.
> 
> I do know about subverting SATA harddisks, but haven't heard about it
> actually being used, unlike USB. SATA sounds reasonable as well.
> 
> For both SD cards and SATA harddisks, you could again use USB-to-X
> converters, as long as they are dedicated to your offline system.

Thank you very much for your information, much appreciated!

To be more precise, when i will buy me an Offline Computer my idea
was that it will be *never* connected to the Internet. So i thought
maybe i buy one, let's say with Windows 10, never update or upgrade
it due to it's permanent offline state, download once gpg4win, look
at the checksum of gpg4win.exe, maybe extract the package on an Online
Computer, transfer the gpg4win.exe via minimodem, even if it takes a
very long time. Cross compile minimodem with CygWin and transfer with
minimodem the .exe and cygwin.dll to the offline computer as well.
Should i receive a PGP/MIME Message i would then use a Python script
from Github to convert the message on my Online Computer to PGP/Inline.

That was/is my idea. But thanks for pointing out the USB-to-serial
converter!

Regards
Stefan

-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas



More information about the Gnupg-users mailing list