In case you use OpenPGP on a smartphone ...
sac at 300baud.de
Wed Aug 12 00:24:23 CEST 2020
vedaal at nym.hush.com wrote:
> There is already a simple existing solution.
>  Encrypt and decrypt on a computer that has internet hardware disabled.
>  Use an Orbic Journey V phone that gets and sends *only text*
>  Use a microsd expansion card on the orbis phone
>  set up the phone to save encrypted texts on the microsd 'storage' card
>  Take out the microsd card and use a card reader in the computer in  transfer text only (encrypted or decrypted)
> Any file can be sent as encrypted text by using the armor option -a on the GnuPG command line.
> (this includes audio, video .jpg, .png, pdf, etc. literally any and all possible file types.)
> Even if the Orbic uses the *unknown* system, if your are encrypting and decrypting on a separate air-gapped computer, and
> transferring only text to a microsd, it is hard to see how it can be compromised. (Yes *Anything* can happen, but without
> evidence, there is no end to paranoia)
(I only replied to you and not the list)
Thanks for the detailed description, much appreciated!
> It is not the place of the FAQ to solve the transmission issues of an already perfectly formed GnuPG encrypted .asc file.
> The manual and/or FAQ, tells how to use GnuPG to encrypt or decrypt the file, and armor it.
> The rest is up to the User's threat model.
Well, yes and no. It should be a least discussed and if to many people write from old FAQs new tutorials then
new users will never know these dangers, when using online devices.
> There is, [afaik], no protection available in GnuPG
> against a Clairvoyancy attack vector on an encrypted file even in an air-gapped computer,
> and there is a rumour that any Witch or Wizard can instantly behold the plaintext of an encrypted message
> by flicking a wand at it, and using the simple charm 'Revelato' )
I think I know what you mean. But I think it does not scale well for the masses due to manpower shortage.
> but not really in my threat model 8^))))
Mine neither. :-)
my 'hidden' service gopherhole:
More information about the Gnupg-users