GnuPG cannot know if it runs in a "secure" environment (Re: standard comment)
Bernhard Reiter
bernhard at intevation.de
Fri May 29 09:10:26 CEST 2026
Hi,
On Monday, 25 May 2026 06:36:55, marqueandreprisal--- via Gnupg-users wrote:
> How would this fine community recommend to make a standardized comment
> about keys being used in unsecure environments? For example, buying an
> Android™ off of the shelf and using keys with GnuPG Termux or Open
> Keychain is not sure because Androids often have swap files which may be
> set up to dump memory and snag the private key.
As far as I can say, a crypto component cannot tell if it is run
in an "unsecure" environment or not.
So even if GnuPG or OpenKeychain wanted to record this, they would not be able
to find out about this with reasonable certainty.
Consider the example that the software is running in a virtualized environment
like qemu, which is "unsecure" in the sense that qemu can observe everything.
As qemu can "simulate" everything, it is not really possible to detect the
fact.
On the other hand, an Android system may be run air-gapped in a confined place,
with a self-built kernel and everything, which would make it quite "secure".
So detecting that termux was used would not make a key pair "unsecure" alone.
Regards,
Bernhard
--
https://intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter