"just invent something..."

LisToFacTor listofactor at mail.ru
Sat May 23 00:18:10 CEST 2020


Robert,

Hi and thanks for the reply. Salsa is cooking. And since you
are so kind:

It would help a whole lot if GPG included some authoritative
documentation on how to use the program in the following scenario:

- The trust in the correspondent's public key is established only
by comparing the key fingerprint derived programmatically from the
locally stored key-file and a copy independently obtained from
the owner. The only identification of a public key is its fingerprint.
Since the public key is either known to an adversary, or it is very
hard to guard against such eventuality, the public key itself should
not provide the adversary with any useful information.

- All gpg operations (key generation, encryption, decryption) are
carried out on a device not connected to the Internet.

- There is no e-mail. (It's not just "resting", it is DEAD).

It would really, really help.

p.s.
Out-of-channel fingerprint dissemination and exchange of ciphertext
without the benefit of the e-mail system has been dealt with, so
there is no need at all to address that.





More information about the Gnupg-users mailing list