Working with an Online and Offline Computer when using GnuPG - Best Practice?

Duane Whitty duane at
Tue Oct 10 04:51:29 CEST 2017

Hash: SHA256

On 17-10-09 11:30 PM, Duane Whitty wrote:
> On 17-10-09 01:53 PM, Stefan Claas wrote:
>> Hi all,
>> A question for the experts.
>> I plan to buy me a little Netbook next year, to use it as an 
>> Offline Computer, for GnuPG usage. The idea is to use my Online 
>> Computer to send and receive messages and to encrypt and decrypt
>>  messages to use the Offline Computer. So far so good. My
>> question is what is the best practice to transfer the Data
>> between those two Computers?
>> I read once here on the Mailing List that one should only use 
>> trusted USB devices, whatever that means, when using an USB 
>> device.
>> My idea is to use the software minimodem between the two 
>> Computers, connected, when required, via audio cables.
>> Is this a good idea, or does something speaks against this
>> method?
>> Any thoughts are welcome!
>> Regards Stefan
> I'm a little surprised no one has reminded us that there are no
> best practices, just practices that serve our needs depending on
> what value we perceive our data to have and what we perceive the
> capabilities of our adversaries to have, and what the consequences
> of compromise are.
> After saying all that I recall reading an article by the
> Washington Post (if I recall correctly) that they use two computers
> in their "safe-drop" system.  Again, IIRC, the computer connected
> to the Internet is not ever connected to the computer used to
> encrypt or decrypt messages.  The computer used to encrypt/decrypt
> is not connected to anything and is booted from a read-only CDROM
> which also has any required software.  Data transfer is done by
> recording to a write-once CDROM.  No clear text is ever on the
> computer connected to the Internet.  There are lots of other
> details to think about (defense in depth)
> Best Regards, Duane
I find this topic quite interesting so if I may comment a little more...

Firstly, I think it's really easy to get carried away here with
security measures one probably doesn't really need.  If you do have a
need for air-gapped computers then you also have a need for a lot of
other security measures.

1) How good are the locks on the doors to your house?
2) What about your windows?
3) What about fire protection?
4) What about data backups?
5) Do you have a policy and mechanism in place for how long you keep dat
6) How about backup security, both on-site and off-site?
7) What mechanism will you use for media destruction when your policy
indicates you don't need certain data any longer?
8) How are you protecting your public/private keys?

I could continue to go on but maybe I'm getting carried away here.
The point I'm trying to make is that if there are lots of attack
vectors and just focusing on where you encrypt/decrypt messages
doesn't necessarily make you that much more protected.

Just my opinion and it's not meant as criticism just as "food for though

Best Regards,

- -- 
Duane Whitty
duane at


More information about the Gnupg-users mailing list