On 8/11/2020 at 3:00 PM, "Stefan Claas" <s...@300baud.de> wrote:
...
>As understood a Pegasus operator can do what ever
>he likes to do remotely, anonymously with our (Android/iOS)
>smartphone, without that we know that this happens.
...
>in form of a best practice FAQ (cross-platform), to no longer use
>encryption software on online devices and work out
>strategies to use offline devices and how to handle this data
>securely over to an online device, until proper and affordable
>hardware encryption devices for online usage are available?
=====
There is already a simple existing solution.
[1] Encrypt and decrypt on a computer that has internet hardware disabled.
[2] Use an Orbic Journey V phone that gets and sends *only text*
[3] Use a microsd expansion card on the orbis phone
[4] set up the phone to save encrypted texts on the microsd 'storage' card
[5] Take out the microsd card and use a card reader in the computer in [1]
transfer text only (encrypted or decrypted)
Any file can be sent as encrypted text by using the armor option -a on the
GnuPG command line.
(this includes audio, video .jpg, .png, pdf, etc. literally any and all
possible file types.)
Even if the Orbic uses the *unknown* system, if your are encrypting and
decrypting on a separate air-gapped computer, and transferring only text to a
microsd, it is hard to see how it can be compromised.
(Yes *Anything* can happen, but without evidence, there is no end to paranoia)
It is not the place of the FAQ to solve the transmission issues of an already
perfectly formed GnuPG encrypted .asc file.
The manual and/or FAQ, tells how to use GnuPG to encrypt or decrypt the file,
and armor it.
The rest is up to the User's threat model.
(btw,
There is, [afaik], no protection available in GnuPG
against a Clairvoyancy attack vector on an encrypted file even in an air-gapped
computer,
and there is a rumour that any Witch or Wizard can instantly behold the
plaintext of an encrypted message
by flicking a wand at it, and using the simple charm 'Revelato' )
but not really in my threat model 8^))))
vedaal
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
