4

I've never used PGP before so my logic may be a bit off.

When receiving an email encrypted with my public key, would it not be best to unplug or disconnect my computer's internet before decrypting with my private key? That way there can be no chance of my private key being stolen?

Luc
watchy
  • Why would a network connection increase the chance of your key being stolen? – schroeder Aug 31 '17 at 23:42
  • Well, it's my understanding that malware can exfiltrate data over an internet connection. Thus, without one no information passes in or out. Correct me if I'm wrong... – watchy Aug 31 '17 at 23:52
  • 3
    Sure, but if you have malware that can read your key, then you would have to never connect to the Internet ever again, not just when you use the key. – schroeder Aug 31 '17 at 23:53
  • That's why I suggested using a live cd, reading your encrypted email, and then rebooting back into your original environment. And yes, I meant exfiltrate. Thanks... – watchy Aug 31 '17 at 23:56
  • 2
    Well, to answer the question in your body, then yes, a Live CD would reduce the chance of your key being stolen. To answer the question in your title, I'm not sure there is wisdom in the process. You have to understand the threats and risks involved. – schroeder Aug 31 '17 at 23:59
  • Yeah I should have clarified about using a Live CD without internet connectivity. – watchy Sep 01 '17 at 00:10

1 Answer

3

I assume we want a deterrent against software-only attacks targeting the passphrase, unauthorized use of the private key to decipher or sign, or unauthorized access to deciphered data (including emails).

It would be effective to:

  1. Disconnect from the internet
  2. Make a full backup
  3. Use PGP/GPG with private key and passphrase
  4. Fully erase the machine (can be combined with 5)
  5. Restore the backup
  6. Reconnect

But without 2/4/5, disconnecting from the internet is only mildly effective. In particular, a software keylogger targeting the passphrase, or malware keeping track of deciphered data, has a fair chance to do its thing and then exfiltrate the result after 6.

Problem is, 2/4/5 is a pain.

One reasonable option is to perform 1/3 in a Virtual Machine, and destroy it afterwards (or equivalently, restore a snapshot made before 1).

Booting from a live CD (assumed malware-free) is a nice option, but since there is no Windows live CD AFAIK, this won't accomplish much of what a Windows user wants to do if HD storage is encrypted, or if data (like emails) is in a Windows-only format (Outlook...). The only reason I see to disconnect from the internet on top of that is to prevent exploitation of a vulnerability on the live CD.

fgrieu
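As an added example (not part of fgrieu's answer or of any GnuPG tool), here is step 1/3 of the list above turned into an enforced gate: the script refuses to touch the private key while any non-loopback interface is up, keeps the plaintext on tmpfs rather than disk, and flushes the agent's passphrase cache when done. The function names `online_ifaces` and `decrypt_offline` are made up for this illustration; it assumes a Linux box with sysfs at `/sys/class/net`, a tmpfs at `/dev/shm`, and gpg 2.x with a running gpg-agent. It does nothing about steps 2/4/5: a keylogger that already captured the passphrase is unaffected, which is exactly the answer's point.

```shell
#!/bin/sh
# Offline decryption gate (added example, not from the original answer).
# Assumptions: Linux sysfs under /sys/class/net, tmpfs at /dev/shm,
# gpg 2.x with gpg-agent. Covers only "disconnect, then decrypt";
# wiping and restoring the host (2/4/5) is out of scope here.

# Print the names of non-loopback interfaces that are operationally up.
# "unknown" is treated as up: some virtual drivers (tun, bridges) report
# it for a live link, so the conservative reading is "online".
# $1 overrides the sysfs directory so the check can be run against a
# constructed tree instead of the real system.
online_ifaces() {
    sysnet="${1:-/sys/class/net}"
    for d in "$sysnet"/*; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        if [ "$name" = "lo" ]; then continue; fi
        state=$(cat "$d/operstate" 2>/dev/null || echo unknown)
        case "$state" in
            up|unknown) printf '%s\n' "$name" ;;
        esac
    done
}

# Decrypt $1 only while offline. Plaintext is written to tmpfs (RAM, not
# disk), shown in the pager, then scrubbed; the agent's passphrase cache
# is flushed so a later process cannot reuse it silently.
# Returns 2 if any link is up, 1 on a gpg failure, 0 on success.
# $2 is the sysfs override, passed through to online_ifaces.
decrypt_offline() {
    enc="$1"
    sysnet="${2:-/sys/class/net}"
    up=$(online_ifaces "$sysnet")
    if [ -n "$up" ]; then
        printf 'refusing to decrypt while online: %s\n' \
            "$(printf '%s' "$up" | tr '\n' ' ')" >&2
        return 2
    fi
    work=$(mktemp -d /dev/shm/pgp.XXXXXX) || return 1
    rc=0
    if gpg --batch --quiet --output "$work/plain.txt" --decrypt "$enc"; then
        "${PAGER:-less}" "$work/plain.txt"
    else
        rc=1
    fi
    # Best-effort scrub of the RAM copy before unlinking; tmpfs never hits
    # disk, but overwriting still denies a later reader the freed pages.
    shred -u "$work/plain.txt" 2>/dev/null || rm -f "$work/plain.txt"
    rmdir "$work"
    # RELOADAGENT behaves like SIGHUP: gpg-agent drops cached passphrases.
    gpg-connect-agent reloadagent /bye >/dev/null 2>&1
    return "$rc"
}

# Usage: ./offline-decrypt.sh message.asc
if [ -n "${1:-}" ]; then
    decrypt_offline "$1"
fi
```

To get the 2/4/5 guarantee the answer asks for, run this same script inside a throwaway VM rather than on the host: take a snapshot with `virsh snapshot-create-as`, drop the guest's link with `virsh domif-setlink <domain> <iface> down`, decrypt, then `virsh snapshot-revert` so whatever the session left behind (including anything a keylogger wrote) is discarded with the guest state.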