Safe transfer via USB devices

Ángel angel at pgp.16bits.net
Tue Oct 10 01:51:23 CEST 2017


On 2017-10-09 at 18:05 +0000, listo factor wrote:
> Use a USB floppy disk reader/writer and shred the floppies with 
> cleartext after the use. Writing sensitive cleartext to USB flash 
> "drives" that could potentially fall into the adversary's hands should 
> be avoided.

What is generally used in these cases (e.g. handling a Snowden leak) is
to encrypt the files before storing them into the "drive" that moves
between computers (be that a USB key, a floppy...).

Thus, the secret data is an opaque blob even to an evil storage. You may
use whatever encryption, from a gpg-transfer-key to simply symmetric
encryption with a random one-use password (you only need to enter it
once, or at most twice).


PS: If you are going to such lengths for having a secure computer,
Windows 10 may not be the most trustable OS.


PS2: Rather than transfer executable files from the online to the
offline computers, I would recommend doing it the opposite way: move the
source code to the offline computer if needed, review it, compile there,
and move the compiled code from the offline to the online computer. So
that the compiled programs flow from higher security level to lower
level.


Best regards
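
The symmetric, one-use-password variant described in the message above, as an added example that is not part of the original post. It assumes GnuPG 2.1 or later and a POSIX shell on both machines; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: only ciphertext is ever written to the removable drive.
# Usage on the source machine (paths are placeholders):
#   pw=$(new_passphrase)      # note it down, type it once on the other side
#   printf '%s\n' "$pw" | seal_for_transfer report.pdf /media/usb/report.pdf.gpg
# Usage on the destination machine:
#   printf '%s\n' "$pw" | open_transfer /media/usb/report.pdf.gpg report.pdf

# Random one-use passphrase: 24 bytes from the kernel CSPRNG, base64-encoded
# to 32 printable characters (about 192 bits of entropy).
new_passphrase() {
    head -c 24 /dev/urandom | base64
}

# seal_for_transfer PLAINTEXT OUTFILE
# The passphrase is read from stdin (fd 0), so it never shows up in the
# process list or in shell history as a command-line argument.
seal_for_transfer() {
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase-fd 0 \
        --symmetric --cipher-algo AES256 --output "$2" "$1"
}

# open_transfer CIPHERTEXT OUTFILE
# gpg exits non-zero on a wrong passphrase or a modified file, so the
# caller can refuse to use the output in that case.
open_transfer() {
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase-fd 0 \
        --decrypt --output "$2" "$1"
}
```

Write the encrypted output directly to the drive rather than copying the cleartext there first, so the storage never holds anything but the opaque blob.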



