Hello, On 200802010958, Krzysztof Żelechowski wrote: > 1. The decrypted information must not make it to any persistent medium
Use full-disk encryption, as has been stated before. That way, you can be confident that nothing leaks into unencrypted places, since such do not exist in the running system. > 2. The decrypted text must not be stored in volatile memory any longer > than it is needed. In particular, it should be converted to a > human-viewable bitmap and the computer-readable representation must be > immediately erased. That I can't understand your motivation for. I suppose you're afraid that once compromised, your adversary can't search through memory for certain strings. But he could still be monitoring your actions, and copy whatever data you construct in RAM---including the adversary-readable bitmap. As Robert stated, many of your other requirements are void, if your adversary gains control of your machine. > 8. The application should be as lightweight as possible (for source > code audit). Right, agreed. > Can you direct me to some implementation meeting these requirements? I wrote a such script once, that satisfies much of (the serious amongst) your requirements. Email me personally, if you're interested. Other than that you may want to look at this vim plugin, which is along the lines of what you seek: http://vim.sourceforge.net/scripts/script.php?script_id=661 But I still hold that your requirements for protecting against a system-controlling adversary are silly! :) Regards, skrewz.
signature.asc
Description: Digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
