On Wed, 06-02-2008 at 10:03 -0500, Steve Revilak wrote:
> > I have a file that I encrypted for myself
> > and I want to read some information from it.
> > The file is a text file and I need to read several lines of it.
> >
> > The following requirements must be met:
>
> I was going to suggest
>
>   gpg --decrypt file.gpg | grep "interesting stuff" | banner | less
>   >/dev/null
>
> but I'll try to be more serious. :)

Yep, that is my current workaround, sort of, in a dedicated xterm.

>
> Out of curiosity, what kind of a threat vector are you anticipating?
> By reading your list of requirements, the ones I've extracted are
>
>  * Access to sensitive data via system memory is a threat.
>
>  * Access to sensitive data via the file system (i.e. by examining
>    swap space) is a threat.
>
>  * Access to sensitive data via the graphics system framebuffer is a
>    threat.
>
>  * Access to sensitive data via visual observation (someone sees the
>    text on the screen, or takes a picture of the text on the screen)
>    is a threat.
>

That is basically what I had in mind.

> As someone else mentioned, this brings up a lot of issues in the area
> of trusting the hardware, trusting the operating system and so forth.
> Granted, they are interesting issues, but my gut instinct tells me
> that this problem might be easier to solve with physical security.

That requires a specialised hardware device; I am more interested in a
software solution for the time being because I think it is more
convenient and versatile. Of course, if I had to guard something
really dangerous, like ICBM launcher codes, I would choose a hardware
solution (and I would not ask the members of this mailing list).

>
> For example, the first three threats imply that the data has to leave
> the system where it is being viewed. Removing network access to that
> system (unplug the ethernet cable, remove any wireless/bluetooth
> hardware), would mitigate those threats, no?

Certainly, but it is not always possible temporarily, and it is almost
always impossible once and for all. And unplugging everything for a
short time does not really help.

>
> As for threat #4, if you're viewing the data in a small, bare-walled,
> locked room, you'd be able to tell (a) whether someone else was in the
> room looking over your shoulder or (b) whether there was a camera
> being pointed at your screen.

I did not intend to address this problem at all.

>
> And if you don't trust the isolated computer in the small locked room,
> you could even go as far as removing its hard drive -- you'd walk in
> with a bootable CD that contained your encrypted file, boot up, read
> what you needed, then halt.

Good point, it can even be a Free DOS floppy disk with a RAM disk
driver. I have not thought of that.

Thanks,
Chris