Working with an Online and Offline Computer when using GnuPG - Best Practice?
Whitey
whitey at posteo.net
Tue Oct 10 17:39:00 CEST 2017
Pete Stephenson wrote:
> On Mon, Oct 9, 2017, at 06:53 PM, Stefan Claas wrote:
>> I read once here on the Mailing List that one should only use
>> trusted USB devices, whatever that means, when using an USB
>> device.
>
> If you must use USB devices for some reason, take a look at the
> <https://www.kanguru.com/storage-accessories/kanguru-flashtrust-secure-firmware.shtml>
> flash drive.
>
> It's designed specifically to protect against "badUSB", where the
> controller and firmware can be compromised. The controller has the
> developer's public key baked in during manufacture. The firmware is
> signed and can only be loaded once (no provision is made for
> in-the-field firmware updates). The controller verifies the firmware and
> its signature at every power-on. If a malicious actor had physical
> access and re-flashed the firmware, the controller would notice and fail
> to load.
>
> It also has a physical write-protect switch that can prevent unwanted
> writes.
Since a flash drive is a read/write device, when would writes be
unwanted? When should I use this?
--
Whitey
More information about the Gnupg-users
mailing list