Jonathan Schleifer: > On Wed, 04 Mar 2015 14:29:47 +0300, Robert Deroy <robert.de...@mail.ru> wrote: > >> How could i do for use gpg on a usb key, because i have no computer, i only >> go in cybercafé. >> >> I want to use the last version, 2.1.1, with gpa. > > I woudl recommend to boot off a Tails USB stick, as everything else would be > way too risky in a public place. Don't even think about just running the > executable on some system! Tails is - as far as I know - the only system > designed to still provide security in the environment of a café. It goes so > far as so try to wipe the memory when you shut down.
FWIW: Tails https://tails.boum.org/ Despite Tails' aim to protect its users and their communication, you would still put a lot of trust in other people when using it in an internet café and Tails could not protect you. A simple thing an attacker (evil internet café owner, previous users) could do is to install a keylogger or another hardware implant in the computer that you cannot see. The attacker could then easily record your keystrokes when you type in the passphrase to your key. As a countermeasure, Tails also ships with Florence [0], a virtual keyboard that you can use to type instead of the hardware keyboard. But even if you use the virtual keyboard, there could be a camera behind you watching your screen (and keystrokes), or the cable from the computer to the monitor could split the signals to a video recorder or other implants inside the monitor. Personally, I'd rather ask a close and trustworthy friend whether I could use their computer instead of an internet café, library, or other publicly accessible location where I don't know the people behind. But of course, there may be situations where these are the only options. > And here's the catch: It comes with GnuPG - but GnuPG 2.0.x AFAIK. Are you > positive you absolutely need 2.1? The main reason to require 2.1 is to use > ECC, I guess. The current version (1.3) of Tails comes with GnuPG 1.4.12. However, if you require a more/the most recent GnuPG you could build/install it manually but it requires some additional steps: - You can /download and verify/ the Tails ISO image [1] and then burn it onto a DVD [2]. - You can now boot Tails from the DVD. - When it has booted you can plug in a USB stick (>=4GB) and use the small tool /Tails Installer/ [3] to copy the image from the DVD to the USB stick. - Shutdown, remove the DVD from the DVD drive, and boot from the USB stick. - Tails offers a /persistence feature/ [4] which is an encrypted volume using the remaining space of the USB stick (so there is the plain unencrypted Tails installation and an encrypted partition). When you reboot from the USB stick/SD Card with enabled persistence feature, the welcome screen /Tails Greeter/ lets you enter the passphrase to unlock the persistent volume. _Unfortunately, it is not possible to enter the passphrase using Florence here_! - In your home directory, there's now a directory "Persistent" that is stored in the encrypted volume and the data you put there stay there even when you reboot Tails (but not on outside directories). As next steps you would install tools needed to build GnuPG, download and verify the GnuPG sources, and build your GnuPG. - In /Tails Greeter/ you can set a root password, so you can `sudo apt-get install gcc binutils' and all the other build tools and libraries afterwards. You can even install these additional software packages [5] on every session (though it is an experimental feature and not presented in the assistants). - Then you can download the GnuPG sources to your ~/Persistent directory, verify the signature, and build GnuPG. If you have further questions regarding Tails, you can read the documentation [6] (there's a lot of it!) or write an email to their mailing lists tails-support-priv...@boum.org [7] (private/non-public) tails-supp...@boum.org [7] (public) HTH, ~flapflap [0] https://tails.boum.org/doc/encryption_and_privacy/virtual_keyboard/index.en.html [1] https://tails.boum.org/download/index.en.html [2] https://tails.boum.org/doc/first_steps/dvd/index.en.html [3] https://tails.boum.org/doc/first_steps/installation/index.en.html [4] https://tails.boum.org/doc/first_steps/persistence/index.en.html [5] https://tails.boum.org/doc/first_steps/persistence/configure/index.en.html#index14h2 [6] https://tails.boum.org/doc/index.en.html [7] https://tails.boum.org/support/index.en.html
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
