Slightly OT - mobile OpenPGP usage
Stefan Claas
stefanclaas at riseup.net
Wed Aug 28 11:07:30 CEST 2019
On 2019-08-28 00:44, Chris Narkiewicz via Gnupg-users wrote:
> On 27/08/2019 20:50, Stefan Claas via Gnupg-users wrote:
>> But what would be, when using computers at work or public places, then
>> the best strategy for using OpenPGP, without carrying a Notebook or
>> smartphone?
> The strategy I advice would be to not use GnuPG and look for alternatives.
Well, not GnuPG but I thought more about other OpenPGP apps, because
the OpenPGP protocol besides S/MIME is still widely used.
> I wouldn't look for some golden practice because I believe there
> is none. Bluntly speaking, GnuPG is not fit for purpose of
> securing everyday communication and shall not be advertised
> as such.
>
> Generally your keys should never leave secure environment. Secure
> environment can be either dedicated machine that you control
> or (better) SmartCard/HSM.
Here is an idea ... I recently read about Prof. Kaminsky's Enigma2000
which is a JavaScrpit encryption app running on an offline Raspberry Pi
with a touchscreen.
https://www.cs.rit.edu/~ark/parallelcrypto/enigma2000/
If someone would write a JavaScript OpenPGP app which works like
Enigma2000
one could attach an USB stick to store an amored message, unplug and set
the write protect switch and insert the USB stick to a public computer.
We
would have a secure OpenPGP messaging device, not requiring an expensive
smartphone nor a laptop to carry around.
It could be done as a kickstarter project (Raspi+Touchscreen as one
device + JavaScript code.
Well, just a thought and hopefully a talented coder and hardware
tinkerer could make this happen.
Regards
Stefan
--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas
More information about the Gnupg-users
mailing list