Hi,

> 1.
> The decrypted information must not make it to any persistent medium
> (I understand gpg '-d' already guarantees it
> as long as it manages the decrypted text,
> but what happens after it leaves gpg?)

Use a full-disc encryption system for all your persistent media.

> 2.
> The decrypted text must not be stored in volatile memory
> any longer than it is needed.

You can use TaintedBochs or TaintedQemu to investigate that.

> In particular, it should be converted to a human-viewable bitmap
> and the computer-readable representation must be immediately erased.

Doesn't help much to try that, I would say. But feel free to try ...

> 3. Only the information I need should be displayed.

You need a Do-What-I-Mean system for that.

> 4.
> The bitmap must not be updated automatically
> (the containing window must not display it
> when it is in the background, whatever it means).
> (It would be best to forget the bitmap altogether
> and regenerate it upon request,
> but it seems to be a hard thing to do
> because the gpg output stream is not scrollable backwards).

Use Overlay mode to display it.

> 5.
> The bitmap itself should not make it to any persistent medium
> and it should be scrambled, if possible, in the volatile memory.

Implement the viewer in the graphic card, with the CUDA SDK or something similar.

> 6.
> It should not be possible
> to make a snapshot of the graphic in the window
> with any programmatic means
> (you can of course make a picture of the screen with a camera).

Overlay mode does that.

> 7.
> If more information is requested,
> it should be displayed in small chunks.
> The program should be fully unaware
> of the content of the chunks that are not being displayed.
> (That probably means a garbage-collected language cannot be used).

I don't understand why you need that. I would suggest that you separate the small chunks into separate encrypted files, to ensure that the reader only gets those chunks that you actually decrypted.

> 8.
> The application should be as lightweight as possible
> (for source code audit).

Agreed.

> Can you direct me to some implementation meeting these requirements?

I think your specification isn't complete yet.
You forgot about half of the requirements. I guess that:
* You want a machine that separates code from data (to be secure against trojans, viruses and other malware)
* You want secure documents, that can't change dynamically, or otherwise contain invisible contents
* You want a secure path to the user
(and some more requirements that I forgot at the moment)

What's your budget for this small project?

Best regards,
Philipp Gühring

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
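
Added example, not part of the original message or of GnuPG: one way a viewer could meet quoted requirements 2 and 7 for its own buffer, reading decrypted text (assumed to arrive on a pipe, e.g. from `gpg -d`) one small chunk at a time through a single locked buffer that is wiped after each chunk. `show_chunks`, `stop_after`, `wipe` and the 256-byte `CHUNK` are names and values chosen here; copies made by the terminal or display server are outside its reach.

```c
#include <stddef.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <unistd.h>

#define CHUNK 256 /* assumed chunk size, small enough for one screen */

/* Zero memory through a volatile pointer so the stores are not optimised away. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Hypothetical pager callback: show at most *left chunks in total. */
int stop_after(void *left) {
    int *n = left;
    return *n > 0 && --*n > 0;
}

/* Copy fd `in` to fd `out` one CHUNK at a time through a single buffer,
 * wiping it after every chunk. `more` decides whether the next chunk is
 * read at all, so undisplayed text never enters this process.
 * Returns the number of chunks shown, or -1 on I/O error. */
long show_chunks(int in, int out, int (*more)(void *), void *ctx) {
    static unsigned char buf[CHUNK];
    /* Keep the page out of swap; can fail under RLIMIT_MEMLOCK, in which
     * case a strict viewer would refuse to continue. */
    int locked = mlock(buf, sizeof buf) == 0;
    long chunks = 0;
    ssize_t n;

    while ((n = read(in, buf, sizeof buf)) > 0) {
        for (ssize_t off = 0, w; off < n; off += w)
            if ((w = write(out, buf + off, (size_t)(n - off))) < 0) {
                n = -1;
                break;
            }
        wipe(buf, sizeof buf); /* plaintext lives only between read and write */
        if (n < 0) break;
        chunks++;
        if (more && !more(ctx)) break;
    }
    if (locked) munlock(buf, sizeof buf);
    return n < 0 ? -1 : chunks;
}

int main(void) { /* assumed use: gpg -d file.gpg | ./viewer */
    return show_chunks(STDIN_FILENO, STDOUT_FILENO, NULL, NULL) < 0;
}
```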