
Mailing List Archive: GnuPG: users

gpg "simplified"?

 

 



peter.segment at wronghead

Jul 30, 2012, 5:51 AM

Post #1 of 11 (867 views)
Permalink
gpg "simplified"?

I have been asked to help a small group of individuals
(perhaps hundreds, not thousands) with secure data exchange
(including, but not restricted to e-mail).

Use of full gpg is way beyond their capabilities. I am
wondering if anybody has heard of a simplified version
of gpg; or failing that, I would like to hear any comments
on the feasibility of a collaborative project to create
such a variant, as I am convinced there would have to be
a wider applicability of it.

The following describes the requirements:

1) The program is CLI and operates on (i.e., it encrypts and
decrypts) binary files. It has no connection with any mail
client program or server or mail service and provides
no key management functionality whatsoever.

2) Once encrypted with a (single!) recipient's public key, the
file consists of bytes indistinguishable from a random stream.

3) The program can be run from removable media, i.e., it
requires no installation and assumes no network access for
either key exchange or in operation. There are binaries
for all three major platforms (Win32, Linux and Mac OSX).

4) Single key, public or private, resides in a single
file. This file is encrypted with operator's public key
and consists of bytes indistinguishable from a random byte
stream.

5) Public key includes a textual description, but no
unique identification other than the hash of the key.

TIA, Peter M.


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


yyy at yyy

Jul 30, 2012, 10:11 PM

Post #2 of 11 (857 views)
Permalink
Re: gpg "simplified"? [In reply to]

On 2012.07.30. 15:51, peter.segment [at] wronghead wrote:
> I have been asked to help a small group of individuals
> (perhaps hundreds, not thousands) with secure data exchange
> (including, but not restricted to e-mail).
>
> Use of full gpg is way beyond their capabilities. I am
> wondering if anybody has heard of a simplified version
> of gpg; or failing that, I would like to hear any comments
> on the feasibility of a collaborative project to create
> such a variant, as I am convinced there would have to be
> a wider applicability of it.
>
> The following describes the requirements:
>
> 1) The program is CLI and operates on (i.e., it encrypts and
> decrypts) binary files. It has no connection with any mail
> client program or server or mail service and provides
> no key management functionality whatsoever.
gpg is a CLI program which encrypts and decrypts binary files;
by default it has no connection with any mail server or service.
The openssl smime tool does the same and, unlike gpg, has no key
management functionality (for encryption and decryption only).
(It does have size limits: it needs as much memory as the size
of the file to be encrypted or decrypted.)

> 2) Once encrypted with a (single!) recipient's public key, the
> file consists of bytes indistinguishable from a random stream.
this probably will not be possible with standard openpgp (or smime)

> 3) The program can be run from removable media, i.e., it
> requires no installation and assumes no network access for
> either key exchange or in operation. There are binaries
> for all three major platforms (Win32, Linux and Mac OSX).
I have heard that gpg 1.4 supports such operation, but
have not tested it myself. gpg2 certainly will not work.
openssl sometimes works, sometimes not.
(I have tested only on Windows; there have been some dependencies
on system DLLs.)

> 4) Single key, public or private, resides in a single
> file. This file is encrypted with operator's public key
> and consists of bytes indistinguishable from a random byte
> stream.
this probably will not be possible with standard openpgp (or smime)
if private key is encrypted with its public key, it becomes
inaccessible, because unencrypted private key is needed
to decrypt it.

> 5) Public key includes a textual description, but no
> unique identification other than the hash of the key.
>
gpg keys can be generated this way, x509 certs also
can be generated this way.

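Added example (not part of the original thread, and not GnuPG code): the reply above says requirement 2 is probably not possible with standard OpenPGP. This sketch parses RFC 4880 packet headers to show why: an encrypted message opens with a recognizable Public-Key Encrypted Session Key packet that names the recipient key ID. The sample message and key ID are constructed, and partial body lengths are simplified to "runs to end of input".

```python
import hashlib

# Packet tags from RFC 4880 section 4.3 (subset seen in encrypted messages).
TAG_NAMES = {
    1: "Public-Key Encrypted Session Key",
    3: "Symmetric-Key Encrypted Session Key",
    8: "Compressed Data",
    9: "Symmetrically Encrypted Data",
    11: "Literal Data",
    18: "Sym. Encrypted Integrity Protected Data",
}


def parse_packet_header(data):
    """Return (tag, header_len, body_len), or None if data cannot start a packet.

    body_len is None when the length is indeterminate or partial.
    """
    if len(data) < 2 or not data[0] & 0x80:      # bit 7 is always set
        return None
    first = data[0]
    if first & 0x40:                             # new-format header
        tag, o = first & 0x3F, data[1]
        if o < 192:
            return tag, 2, o
        if o < 224:
            if len(data) < 3:
                return None
            return tag, 3, ((o - 192) << 8) + data[2] + 192
        if o == 255:
            if len(data) < 6:
                return None
            return tag, 6, int.from_bytes(data[2:6], "big")
        return tag, 2, None                      # partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old-format header
    if ltype == 3:
        return tag, 1, None
    n = 1 << ltype                               # 1, 2 or 4 length octets
    if len(data) < 1 + n:
        return None
    return tag, 1 + n, int.from_bytes(data[1:1 + n], "big")


def walk_packets(data):
    """Split data into (tag, body) packets; None if it is not a clean sequence."""
    packets, pos = [], 0
    while pos < len(data):
        hdr = parse_packet_header(data[pos:])
        if hdr is None or hdr[0] not in TAG_NAMES:
            return None
        tag, hlen, blen = hdr
        if blen is None:                         # simplification: rest of input
            blen = len(data) - pos - hlen
        end = pos + hlen + blen
        if end > len(data):
            return None
        packets.append((tag, data[pos + hlen:end]))
        pos = end
    return packets


def describe(data):
    """What an observer learns from the ciphertext alone, or None."""
    packets = walk_packets(data)
    if not packets:
        return None
    info = {"packets": [TAG_NAMES[t] for t, _ in packets]}
    tag, body = packets[0]
    if tag == 1 and len(body) >= 10 and body[0] == 3:   # version 3 PKESK
        info["recipient_key_id"] = body[1:9].hex().upper()
        info["pubkey_algo"] = body[9]                   # 1 = RSA
    return info


def build_sample():
    """Constructed message: RSA-2048 PKESK packet followed by an SEIPD packet."""
    key_id = bytes.fromhex("0123456789ABCDEF")          # constructed key ID
    mpi = (2048).to_bytes(2, "big") + hashlib.shake_256(b"constructed").digest(256)
    pkesk_body = b"\x03" + key_id + b"\x01" + mpi       # 268 octets
    pkesk = b"\x85" + len(pkesk_body).to_bytes(2, "big") + pkesk_body
    seipd = b"\xd2\x28" + b"\x01" + hashlib.shake_256(b"filler").digest(39)
    return pkesk + seipd


if __name__ == "__main__":
    print(describe(build_sample()))
    print(describe(bytes(range(7, 71))))   # arbitrary bytes: no packet structure
```

GnuPG's `--throw-keyids` option zeroes the key ID field, but the packet framing, version octet and algorithm octet remain, so the output is still recognizable as OpenPGP.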


wk at gnupg

Jul 31, 2012, 2:35 AM

Post #3 of 11 (838 views)
Permalink
Re: gpg "simplified"? [In reply to]

On Tue, 31 Jul 2012 07:11, yyy [at] yyy said:

>> 3) The program can be run from removable media, i.e., it
>> requires no installation and assumes no network access for
>> either key exchange or in operation. There are binaries
>> for all three major platforms (Win32, Linux and Mac OSX).
> I have heard, that gpg 1.4 supports such operation, but
> have not tested it myself. gpg2 certainly will not work.

Why do you think gpg2 won't work or does any network access without user
consent?


Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are governed by federal law.




peter.segment at wronghead

Jul 31, 2012, 5:17 AM

Post #4 of 11 (834 views)
Permalink
Re: gpg "simplified"? [In reply to]

On 31/07/12 09:35, Werner Koch - wk [at] gnupg wrote:
> Why do you think gpg2 won't work or does any network access
> without user consent?

Correct me if I'm wrong, but it is unreasonable to expect anybody
to successfully and safely use gpg without understanding the
concepts and mastering the skills essential to the WOT:
key signing, sub-keys, revocations etc. This makes the use of gpg
(or even an early, "portable" pgp version (2.6.something IIRC?)
unfeasible). As far as the network access is concerned, the best
(the only?) way to ensure there is no compromising network access
is to have a network-ignorant application program.

In this application I have a group of otherwise technically competent
users that, however, have no need or interest to securely communicate
or exchange data with anyone who is not a group member and has not
been introduced to them by the group manager. (Please take the term
"group manager" in the widest possible sense). He can easily do all
the necessary key management (distribution, verification, revocation...)
functions in the course of his other (quite extensive, actually) group
management tasks and activities.

Most users in this group have no single computer they operate on.
Occasionally they must be able to create cipher-text on "drive-by"
computers, not connected to the public network or where any network
access is raising undesired attention. It is essential that the
software requires no "installation" on the computer it is to be used
on. (i.e., it must be statically linked, with no external dependencies).

>> ... This file is encrypted with operator's public key...
>this probably will not be possible ...

Yes (clumsily worded in the OP). Obviously, operator's private key
can't be "encrypted with itself" - it will have to be encrypted
with a pass-phrase generated key, just as it is in gpg.

Peter M.






yyy at yyy

Jul 31, 2012, 8:40 AM

Post #5 of 11 (837 views)
Permalink
Re: gpg "simplified"? [In reply to]

On 2012.07.31. 12:35, Werner Koch wrote:
> On Tue, 31 Jul 2012 07:11, yyy [at] yyy said:
>
> Why do you think gpg2 won't work or does any network access without user
> consent?
>
gpg2 requires gpg agent...; I was referring to the possibility
of making it a portable application (not requiring
installation, not leaving traces in host computer when run)

there (in this list) have been some threads about
how to get rid of gpg agent in gpg2, so it would
behave more like gpg 1.4, but answer has been, that
it is not possible.

No application considered requires any network access
(gpg1.4, gpg2, openssl)



rjh at sixdemonbag

Jul 31, 2012, 12:25 PM

Post #6 of 11 (838 views)
Permalink
Re: gpg "simplified"? [In reply to]

On 7/31/2012 8:17 AM, peter.segment [at] wronghead wrote:
> Correct me if I'm wrong, but it is unreasonable to expect anybody
> to successfully and safely use gpg without understanding the
> concepts and mastering the skills essential to the WOT:

This is not at all the case.

Set up a trusted introducer/certificate authority and presto, bang,
you're off to the races. When Alice comes on board at the company, the
local authority generates a certificate for her, sets up her
Thunderbird+Enigmail installation (or choose-your-preferred-MUA), signs
her certificate, and has her certificate recognize the CA as a trusted
introducer.

All Alice needs to do is choose her passphrase. She can now communicate
securely with anyone inside the organization. In order to communicate
securely with someone outside the organization, she calls up the
certificate authority and says, "I need to email some documents to Bob
over at another firm. Could you please make this happen?"

The CA then calls Bob, does the identity check, fingerprint
verification, etc., and at the end of it signs Bob's certificate and
introduces Bob's certificate to the local keyserver. The CA calls Alice
back and says, "Grab Bob's certificate from the local keyserver: you're
good to go."

At no point does Alice need to know anything about the Web of Trust.
All she needs to know is --

1. She needs to keep her passphrase secure
2. If she wants to send secure email, she needs to
check to see if her recipient's certificate is
on the keyserver
3. If it's not, she needs to call the local CA

The rest can all be done automatically.

> Most users in this group have no single computer they operate on.
> Occasionally they must be able to create cipher-text on "drive-by"
> computers

This cannot be done safely.

You must have physical control over the hardware for GnuPG to be used
safely. "Drive-by" machines have uncomfortably high malware infection
rates. Don't use GnuPG except on machines that you physically control
and are confident are free of malware.




peter.segment at wronghead

Aug 1, 2012, 5:18 PM

Post #7 of 11 (832 views)
Permalink
Re: gpg "simplified"? [In reply to]

(repatriating to the thread)
On 01/08/12 22:13, vedaal [at] nym wrote:

> http://www.angelfire.com/mb2/mbgpg2go/tp.html

Useful reference, thank you. It would follow from there
that (as I suspected) gpg 1.4.12 code base is the best
candidate for the fork.

> caveat:
> You are the judge of what your threat model is...

Of course. (well, not me personally - I'm just one among
a number of individuals this group of users has asked to
comment on the various ways of going about constructing the
programs with the desired functionality).

Unlike gpg, which is a piece of "for-public" software that
must be capable of resisting all kinds of different threats,
because it is almost universally deployed with no prior
user-specific threat analysis, the hypothetical "trampCrypt"
(my term) suite we are discussing here is intended for a group
that has performed a very thorough, *group operation specific*
threat analysis. One of the most important results of this is
that it has been determined there is absolutely no threat of
"recipient impersonation", and that, potentially, provides
for much leaner code and much simpler operation (when compared
with the "for-public" gpg). One of the less important results
was that malware was found not to be a significant threat,
which is why I'll ignore the subject of malware from now on,
and would like to politely ask others to do the same.

Peter M.




faramir.cl at gmail

Aug 21, 2012, 8:16 PM

Post #8 of 11 (779 views)
Permalink
Re: gpg "simplified"? [In reply to]

On 31-07-2012 8:17, peter.segment [at] wronghead wrote:
...
> Correct me if I'm wrong, but it is unreasonable to expect anybody
> to successfully and safely use gpg without understanding the
> concepts and mastering the skills essential to the WOT:

I think you are wrong about that. All the user needs is a properly
configured portable install of GnuPG (and very likely, an easy to use
GUI, because if Alice can't understand WOT, probably using CLI won't
make her happy at all).

The "group manager" (from now on, the administrator) has a key, used
to sign the member's key (as Robert explained in the message from July
31, about using Thunderbird+Enigmail). Gpg is configured to trust
Administrator signature, probably her own signatures, and nothing else
(so, it will be a very short WoT). If she encrypts a file to a public
key, either:

a) Gpg sees the key is signed by the administrator, and allows the
encryption. Alice doesn't have to know about the internal magic in
this process.

b) Gpg doesn't find the administrator signature, and rejects the
recipient's key as not valid. Alice doesn't need to know what it
means, she just needs to know "if GPG doesn't let me do this, I must not
do this". Of course, if all the keys she has available came from the
software provided by the administrator, this will never happen.

...
> "group manager" in the widest possible sense). He can easily do
> all the necessary key management (distribution, verification,
> revocation...) functions in the course of his other (quite
> extensive, actually) group management tasks and activities.

Then the end user will never have to bother about what is a WoT. GPG
and the group manager will handle that part. End user just needs
updated public keyring.


> Most users in this group have no single computer they operate on.
> Occasionally they must be able to create cipher-text on "drive-by"
> computers, not connected to the public network or where any
> network access is raising undesired attention. It is essential
> that the software requires no "installation" on the computer it is
> to be used on. (i.e., it must be statically linked, with no
> external dependencies).

I have GPG with GPGShell on my USB flash drive, and I can encrypt,
decrypt, and generate keys quite easily. Of course I can do a lot more
things, but I'm not forced to do any other thing. And since GPGShell
is JUST a GUI, that means GPG can do the same things from command
line, and unlike GPGShell GUI, it is available for windows, linux, etc.

Now I already said that, I must also say I don't enter my private
key passphrase in a computer I don't trust. In fact, I don't remember
if I ever used my portable gpg, other than to test if it works. I
carry it with me just in case I go to visit my father, and for any
strange reason, I want to decrypt a file I have at my 4shared account.
I know his computer is probably safer than mine, since he uses it just
for work, he doesn't install stuff on it, and so on.

Best Regards


peter.segment at wronghead

Aug 22, 2012, 11:59 AM

Post #9 of 11 (775 views)
Permalink
Re: gpg "simplified"? [In reply to]

Thank you for your comprehensive comments,

On 22/08/12 03:16, Faramir - faramir.cl [at] gmail wrote:
> I think you are wrong about that. All the user needs is a properly
> configured portable install of GnuPG (and very likely, an easy to use
> GUI, because if Alice can't understand WOT, probably using CLI won't
> make her happy at all).

FWIW, this is not our assumption. Alice is far from a "computer
illiterate" and such simple CLI interaction is for her a trivial
exercise.

GPG is on the other hand so tightly integrated with WOT that no matter
what, it is unavoidable that any user will sooner or later stumble
upon some of WOT anatomy or physiology minutia, and that will have
at least one of two rather detrimental consequences:

a) with insufficient knowledge of the WOT model, Alice will take
a "wrong turn" and therefore impact the overall security of the group;

b) Forced to deal with things she doesn't fully understand, Alice will
lose the confidence in the security the system provides.

The second point is worth elaborating upon. Somewhere else you say:

> Alice doesn't need to know what it does...

and:

> Then the end user will never have to bother about what is a WoT. GPG
> and the group manager will handle that part. End user just needs
> updated public keyring.

This thinking pretty well follows the contemporary computer security
dogma: the user need not understand any of the underlying concepts,
the user just has to trust whoever has designed and implemented
the system.

In our case, that is simply wrong. Alice is no fool, Alice is (probably)
a medical or technical professional, Alice is reading the papers, Alice
knows that computer security is full of holes, and unless she, herself,
has a reasonable knowledge of the system upon which ~her~ security
depends, if in doubt, she will respectfully decline to participate in
the activities of the group this system is supposed to serve. What she
doesn't understand *is a liability*. Not all liabilities can be avoided,
but they certainly must be minimized. It's not to say that Alice must
be proficient in the design of crypto algorithms, but she ~must~
understand and have the confidence in data formats and the protocols.

> I have GPG with GPGShell on my USB flash drive, and I can encrypt,
> decrypt, and generate keys quite easily. Of course I can do a lot more
> things, but I'm not forced to do any other thing. And since GPGShell
> is JUST a GUI, that means GPG can do the same things from command
> line, and unlike GPGShell GUI, it is available for windows, linux, etc.
>
> Now I already said that, I must also say I don't enter my private
> key passphrase in a computer I don't trust. In fact, I don't remember
> if I ever used my portable gpg, other than to test if it works. I
> carry it with me just in case I go to visit my father, and for any
> strange reason, I want to decrypt a file I have at my 4shared account.
> I know his computer is probably safer than mine, since he uses it just
> for work, he doesn't install stuff on it, and so on.

Alice (in the most common usage scenario) carries with her a USB stick
that has no file on it that, unless it is broken cryptographically, is
anything other than a stream of random bytes. The three (or a single)
programs that we are considering here are either downloaded from a
public web site and jettisoned after use, or are on a CD that is not
in her possession when she is in any danger of being confronted by an
adversary.

Peter M.






rjh at sixdemonbag

Aug 23, 2012, 10:07 AM

Post #10 of 11 (775 views)
Permalink
Re: gpg "simplified"? [In reply to]

On 08/22/2012 02:59 PM, peter.segment [at] wronghead wrote:
> GPG is on the other hand so tightly integrated with WOT that no
> matter what, it is unavoidable that any user will sooner or later
> stumble upon some of WOT anatomy or physiology minutia, and that
> will have at least one of two rather detrimental consequences:

As has been pointed out to you by at least two separate people, by
having a single trusted introducer who serves as the gatekeeper for the
entire system this problem goes away.

The problem you are talking about is routine. I faced it when I was the
chief sysadmin for a law firm and deployed GnuPG to 150+ desktops.
Pretty much anyone who has ever deployed GnuPG and/or PGP has faced it.
Solutions to this problem exist, are well-known, and pretty thoroughly
tested.

Deploying PKI is nowhere near as big of a problem as convincing people
that PKI adds benefit to their lives.

> This thinking pretty well follows the contemporary computer
> security dogma: the user need not understand any of the
> [underlying] concepts, the user just has to trust whoever has
> designed and implemented the system.

You don't need to understand statics, the modulus of compression, the
difference between shear and torque, the modulus of expansion, or any of
those other things to use a bridge: you just walk or drive across it.
For those who build the systems, of course they need to understand it in
detail. Users, though, need to be insulated from these things as far as
is practical.

Right now the number one thing killing PKI is the fact nobody wants to
adopt it. If you state, "well, before someone can use PKI they must
understand the underlying concepts," you're automatically selecting for
the upper 1% of computer users.

I think the other 99% deserve better.

> It's not to say that Alice must be proficient in the design of
> crypto algorithms, but she ~must~ understand and have the
> confidence in data formats and the protocols.

One of the data formats used in GnuPG is PKCS12. I doubt that anyone on
this list fully understands the PKCS12 data format and protocol. A
while ago Werner condemned it as "even by ASN.1 standards a nightmare to
parse." You don't want to hear my opinion on parsing PKCS12: my
language would make the lands near me barren.

If you say Alice *must* understand and have confidence in the data
formats and protocols, well, where do you draw the line? Because if you
draw the line at a very high level, then you're adopting my position.
If you draw the line at a very low level, then you're saying she needs
to understand how PKCS12 works. And if you draw the line anywhere in
between, then you're adopting my position but just quibbling over
precisely where you want the line to be drawn.

(Now, it's true that PKCS12 is normally not used as part of OpenPGP;
it's more closely associated with GnuPG's S/MIME code. But I trust that
the point is made.)



faramir.cl at gmail

Aug 23, 2012, 11:55 PM

Post #11 of 11 (778 views)
Permalink
Re: gpg "simplified"? [In reply to]

On 22-08-2012 14:59, peter.segment [at] wronghead wrote:
> Thank you for your comprehensive comments,

You are welcome, let's add more comments.

> On 22/08/12 03:16, Faramir - faramir.cl [at] gmail wrote:
>> I think you are wrong about that. All the user needs is a
>> properly configured portable install of GnuPG (and very likely,
>> an easy to use GUI, because if Alice can't understand WOT,
>> probably using CLI won't make her happy at all).
>
> FWIW, this is not our assumption. Alice is far from a "computer
> illiterate" and such simple CLI interaction is for her a trivial
> exercise.

Clicking a couple of buttons on a GUI usually is easier than
remembering a command with 1 or 2 options plus 2 or 3 parameters.
Selecting a recipient from a list is easier than remembering and typing
the ID of the recipient. I'm not computer illiterate either, but a lack of
GUI would make gpg usage very uncomfortable for me.

> GPG is on the other hand so tightly integrated with WOT that no
> matter what, it is unavoidable that any user will sooner or later
> stumble upon some of WOT anatomy or physiology minutia, and that
> will have at least one of two rather detrimental consequences:
>
> a) with insufficient knowledge of the WOT model, Alice will take a
> "wrong turn" and therefore impact the overall security of the
> group;

Yes and no. If the group manager configures the software, and Alice
doesn't modify config files, GPG should prevent her from taking wrong
turns. Getting people's public keys is easy, but making GPG accept
them as "valid" keys is not that easy. You need to either sign them, or
to modify config file to skip GPG's decision. There are several WoT
models available, and if the Group Manager chose a strict one, and
Alice doesn't sign keys or modify the config file. It is possible to
remove Alice's primary key from her keyring, so she can't sign other
people's keys, even if she wants to.
In other words, if the software is properly configured, taking a wrong
turn would require parking the car and using a wrench to remove the
guard rail. So Alice would not take a wrong turn by mistake.


> b) Forced to deal with things she doesn't fully understand, Alice
> will lose the confidence in the security the system provides.

Since she is already going to use security software on unsecured
computers, I don't know how much confidence she should have on it, but
that is another matter.


> The second point is worth elaborating upon. Somewhere else you
> say:
>
>> Alice doesn't need to know what it does...
>
> and:
>
>> Then the end user will never have to bother about what is a WoT.
>> GPG and the group manager will handle that part. End user just
>> needs updated public keyring.
>
> This thinking pretty well follows the contemporary computer
> security dogma: the user need not understand any of the underlying
> concepts, the user just has to trust whoever has designed and
> implemented the system.

Well, you were the one who said Alice doesn't have the time to
learn about WoT and other stuff. I tried to say GPG can be configured
not to let her make wrong decisions (she can't take wrong turns). But
that requires that Alice not attempt to disable safety measures, because if
she does so, then she will be in a road with a lot of possible turns
with banners she doesn't know how to read.


> In our case, that is simply wrong. Alice is no fool, Alice is
> (probably) a medical or technical professional, Alice is reading the
> papers, Alice knows that computer security is full of holes, and
> unless she, herself, has a reasonable knowledge of the system upon
> which ~her~ security depends, if in doubt, she will respectfully
> decline to participate in the activities of the group this system
> is supposed to serve. What she doesn't understand *is a liability*.
> Not all liabilities can be avoided, but they certainly must be
> minimized. It's not to say that Alice must be proficient in the
> design of crypto algorithms, but she ~must~ understand and have the
> confidence in data formats and the protocols.

Well, considering she will be using insecure computers which no amount
of encryption can make safe, maybe she should respectfully decline to
participate in the activities of the group.
The configuration Robert suggested to you means the WoT is reduced to
"keys approved and provided by the Group Manager". Any other key Alice
might find would be considered as "invalid" and the software would
refuse to encrypt messages to those keys. In other words, there is no
WoT, there is a vertical single-link chain of trust, because the only
person that can add keys to the allowed recipients list is the group
manager.


> Alice (in the most common usage scenario) carries with her a USB
> stick that has no file on it that, unless it is broken
> cryptographically, is anything other than a stream of random bytes.
> The three (or a single)

In other words, her USB stick must look like an unformatted storage
unit? If that is the case, no GPG based software can do that. Whatever
software you use to encrypt files will produce FILES as output. And
files can be seen when they are stored in a drive, even if you can't
know what that file is about.
What you would need is an encrypted drive, that can make a USB stick
look empty, without even a filesystem on it. But that would be
suspicious by itself, because USB sticks come formatted from the
factory. If you want that USB stick to look like it is ready to receive
files, but otherwise empty, and filled with random bits (but full of
information if you enter the right password), then I don't know of
anything capable of providing that capability.

Truecrypt can encrypt the whole USB drive, but as I said, each time
you plug it on a computer you will get the message "the drive doesn't
have format, do you want to format it now?". And also, you can't run
truecrypt portable on a computer if you don't have administrator rights.

> programs that we are considering here are either downloaded from a
> public web site and jettisoned after use, or are on a CD that is
> not in her possession when she is in any danger of being confronted
> by an adversary.

There is also a risk in how you jettison those programs. Currently
even "secure wipe" is not guaranteed to work, maybe you can corrupt the
files, but some parts may remain. To make sure nothing can be recovered
from a drive, you need to encrypt it before adding files to it.

If Alice will get a CD with the program files on it, then that CD
can have a "live CD" operating system on it, plus truecrypt (to mount
the encrypted USB drive), and GPG (you can place encrypted files
inside an encrypted drive, in case you later want to send them as
email attachments or whatever). But the USB drive will still look
suspicious, even if nobody can prove there is something inside it. If
you decide to use Truecrypt, you must also be aware you can have a
hidden (and also encrypted) partition inside the encrypted partition,
and if the adversary is also aware of that, he can request Alice to
show what she has in the hidden partition, even if she has not
created one. Nobody can prove there is a hidden partition, but you
can't prove you don't have one, so beware of bamboo needles.

So far, unless Alice doesn't care if she is caught carrying a USB
drive that mysteriously lost its file system, or that has mysterious
garbage files inside, I think the requirements of the software are not
feasible.

Best Regards
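Added example, not from any poster and not GnuPG's implementation: a simplified Python model of the key-validity rule behind the single trusted introducer setup described in posts #6, #8 and #11. The key names are constructed; the thresholds are GnuPG's documented defaults (completes-needed 1, marginals-needed 3, max-cert-depth 5), and marking the administrator key as ultimately trusted in the preconfigured keyring is an assumption of this sketch.

```python
import copy

ULTIMATE, FULL, MARGINAL = "ultimate", "full", "marginal"

# GnuPG defaults for the classic trust model.
COMPLETES_NEEDED = 1
MARGINALS_NEEDED = 3
MAX_CERT_DEPTH = 5


def valid_keys(ring):
    """Return the set of keys this keyring treats as valid.

    ring["ownertrust"] maps key -> how far its signatures are trusted;
    ring["sigs"] maps key -> set of keys that certified it.
    """
    trust, sigs = ring["ownertrust"], ring["sigs"]
    valid = {k for k, t in trust.items() if t == ULTIMATE}
    for _ in range(MAX_CERT_DEPTH):
        newly = set()
        for key, signers in sigs.items():
            if key in valid:
                continue
            # Only signatures from keys that are themselves valid count.
            full = sum(1 for s in signers
                       if s in valid and trust.get(s) in (FULL, ULTIMATE))
            marginal = sum(1 for s in signers
                           if s in valid and trust.get(s) == MARGINAL)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly.add(key)
        if not newly:
            break
        valid |= newly
    return valid


def encrypt_allowed(ring, recipient):
    """Model of gpg refusing to encrypt to a key it does not consider valid."""
    return recipient in valid_keys(ring)


def preconfigured_ring():
    """Keyring as handed out by the group manager (constructed names)."""
    return {
        "ownertrust": {"ADMIN": ULTIMATE},   # assumption: admin is the trust root
        "sigs": {"ADMIN": set(), "BOB": {"ADMIN"}, "CAROL": {"ADMIN"},
                 "MALLORY": set()},          # stray key, not certified by admin
    }


def with_signature(ring, key, signer, signer_trust=None):
    """Copy of ring in which signer has certified key."""
    ring = copy.deepcopy(ring)
    ring["sigs"].setdefault(key, set()).add(signer)
    ring["sigs"].setdefault(signer, set())
    if signer_trust is not None:
        ring["ownertrust"][signer] = signer_trust
    return ring


if __name__ == "__main__":
    base = preconfigured_ring()
    print("valid:", sorted(valid_keys(base)))
    print("stray key usable:", encrypt_allowed(base, "MALLORY"))
    # Bob is valid but is not an introducer, so his signature changes nothing.
    print("after Bob signs:",
          encrypt_allowed(with_signature(base, "MALLORY", "BOB"), "MALLORY"))
    # Alice's own key is ultimately trusted: her signature is the "wrong turn".
    print("after Alice signs:",
          encrypt_allowed(with_signature(base, "MALLORY", "ALICE", ULTIMATE),
                          "MALLORY"))
```

The last case is why post #11 suggests removing Alice's primary secret key from her keyring: without it she cannot issue the certification that makes a stray key valid.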
