gpg "simplified"?

peter.segment at wronghead.com
Tue Jul 31 14:17:48 CEST 2012


On 31/07/12 09:35, Werner Koch - wk at gnupg.org wrote:
> Why do you think gpg2 won't work or does any network access
> without user consent?

Correct me if I'm wrong, but it is unreasonable to expect anybody
to successfully and safely use gpg without understanding the
concepts and mastering the skills essential to the WOT:
key signing, sub-keys, revocations etc. This makes the use of gpg
(or even an early, "portable" pgp version (2.6.something IIRC?))
unfeasible. As far as the network access is concerned, the best
(the only?) way to ensure there is no compromising network access
is to have a network-ignorant application program.

In this application I have a group of otherwise technically competent
users that, however, have no need or interest to securely communicate
or exchange data with anyone who is not a group member and has not
been introduced to them by the group manager. (Please take the term
"group manager" in the widest possible sense). He can easily do all
the necessary key management (distribution, verification, revocation...)
functions in the course of his other (quite extensive, actually) group
management tasks and activities.

Most users in this group have no single computer they operate on.
Occasionally they must be able to create cipher-text on "drive-by"
computers, not connected to the public network or where any network
access is raising undesired attention. It is essential that the
software requires no "installation" on the computer it is to be used
on. (i.e., it must be statically linked, with no external dependencies).

>> ... This file is encrypted with operator's public key...
> this probably will not be possible ...

Yes (clumsily worded in the OP). Obviously, operator's private key
can't be "encrypted with itself" - it will have to be encrypted
with a pass-phrase generated key, just as it is in gpg.

Peter M.






More information about the Gnupg-users mailing list