"ved...@nym.hush.com" <ved...@nym.hush.com> writes: > Any adversary would question as to why the recipient continues to > receive files undecryptable to him, and also why you are encrypting > to additional keys, and to whom do they belong, etc.
So let's assume I'm not stupid enough to let that adversary know who I'm sending the message to. Two options: 1. Use a newsgroup as you suggest below. 2. Randomly send messages that can't be decrypted to random recipients to obscure matters. The adversary would have to cope with the fact that I have stuff to hide. :) > A simple way to do this using gnupg, would be something like the > following: > > [1] Don't send the file to any recipient who requires deniability. Yes, per above. > [2] Instead of additionally encrypting the file to another key, > additionally encrypt it symmetrically. Why would I do that? That together with [9] that's exactly what gpg does when using asymmetric ciphers. > [3] Use the throw-keyid option when you encrypt to your key. Yes, per my original suggestion. > [4] Post the encrypted file to a newsgroup like comp.pgp.test or > other group that allows test postings. Yes, per above. But good idea to not use an anonymous group -- this way I can say I was testing stuff. > [5] Your plausible reason for encrypting conventionally in addition > to your key, is your concern that you might one day lose your > keyring. I don't find that so plausible but yes, agreed that I can make up a reason. Though I don't see the benefit in symmetric encryption at all for this. > [7] Your plausible reason for posting it to a newsgroup, is that > you are concerned that 'cloud' organizations might go out of > business, and this is a simple inexpensive backup. Yes that, or testing. > [8] Your plausible reason for using the throw-keyid option, is that > since you are posting publicly, you prefer to remain anonymous. I'd say it's a plausible reason to say "I want my privacy". But yes, this is a good reason. > [9] Use a *really good* passphrase (diceware 10 words, [ 7776^10 > > 2^128 ] ), and find a way to securely make it known to the > recipient(s). Which is what would happen if I used asymmetric ciphers. > [10] Since you are using such a 'good' passphrase, it is entirely > plausible that you could 'forget' it. ;-) Couldn't I also forget who the key encrypted to? However I might still be forced to surrender the session key, so maybe encrypt-to-self isn't such a good default? > Consider very carefully who your threat model adversary is. > You don't want to do this with Three Letter Agencies or criminals, > whereas it might be OK for decent university administrations. :-) For now just an abstract adverse adversary. :) -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
pgpNxu7Cuodt6.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
