On Tue, 28 Jun 2005 04:58:52 -0400, Charly Avital said: > I may not understand what you mean by "portable". > I suppose that a secure viewer (software program) could not be nearly > ported to GnuPG?
GnuPG is a command line tyool which only manges text input and output and as such it is pretty portable. For a viewer you need a graphical user interface to be able to display custom made fonts. Portability is harder to achieve than with text tools but in general not a real problem. However, it is a well known paradigm on Unix to have small specialized tools and not to put every thing into one big application. A secure, or well better tempest resistent, viewer should for sure be done as a separate application or as part of a gpg frontend. > I shall not discuss whether TEMPEST attacks, when targeted to CRT or LCD > displays pose a real threat to encryption users (who is the targeting > agent? who are the targeted/chosen users?) because I have no expertise > or even reasonable knowledge of the technological aspects of that issue. See http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-577.pdf for the theory and examples of tempest attacks. > But if it is, in fact, a viable way to breach confidentiality, it is > possible that GnuPG could consider to include an external secure viewer > program in future developments. As a matter of fact, according to > Werner's email, some work has already been done, and is included in the CVS. Well, there has not been much work done. It was planned for some later GPA releases but development of GPA more or less stopped so we are not quite where we wanted to be a long time ago. A simple text renderer as an alternative to less(1) on X would be useful for quite some applications. IIRC, GNOME has a gless tool which could be enhanced by using filtered fonts. I new text widget for GTK+ is probably the best way to achieve this. Salam-Shalom, Werner _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
