2

I have this text:

> Would you mind stopping by the local store and buy some baking soda for tomorrow, Betty-Sue?

Betty-Sue has given me her public PGP key, which I have imported and now use to encrypt the text to a PGP message block.

Alright. Now I have a "PGP MESSAGE BLOCK" with incomprehensible random-looking characters, which allegedly is my text in encrypted form, for that specific key.

How do I know that the text, when decrypted by Betty-Sue, won't say:

> haxXed by cooldude92!!! his ip address 123.123.123.123 hostname customers.myisp.com username John Doe his sekurity suxxx duuude lol

? That is, whatever malware installed on my computer has replaced the text I intended to encrypt with that message full of personal information and/or taunting message from the attacker.

I can't verify that my text is inside there because I don't have Betty-Sue's private key -- only her public key! The whole point is that only Betty-Sue (or whoever else has a copy of the private key) can read the message!

Is there some sort of way to verify cryptographically that my plaintext actually is what the encrypted blob will turn into once decrypted by the private key owner?

It always freaks me out when I have encrypted a message and send away that blob, which I cannot read myself but the person on the other end can... I can't know what actually was encrypted. I don't trust my OS, GPG, my hardware or the network...

  • 1
    If you don't trust your OS, how could you possibly trust any method of reversing the encryption, even if there were one? At this point, I don't see anything you can do besides comparing the ciphertext to ciphertext generated by a known good computer. **Except** how could you even know that the ciphertext on your screen _is even what is being sent_? Malware could replace it in the background and always show you something fake. If you don't trust the OS, that opens up a HUGE number of problems. – Fire Quacker Mar 03 '20 at 03:53

1 Answer

4

If you cannot trust the machine you have PGP/GnuPG on, and you think you might have malware on your system that has access to your keys and passphrase (if you signed the message), it's game over. There is no way to recover from that.

What you can do, however, is use PGP/GnuPG's method of adding multiple recipients.

```
gpg --encrypt --recipient alice@example.com \
    --recipient bob@example.com doc.txt
```

and use your own identity as one of the recipients. This is popular with many email clients with PGP/GnuPG support, because it allows you to view your sent mail.

Since the same message is now encrypted for both recipients, you can verify what you send before you send it.

phisch
  • I don't think this actually works. In particular, the malware that switched the plaintext as you tried to encrypt it could just switch it back when you go to decrypt, so you'd still have no idea. – Joseph Sible-Reinstate Monica Apr 27 '20 at 20:49
  • That's what I meant with "if you can not trust the machine ... it's game over" – phisch May 20 '20 at 07:53
  • For gnupg in particular, you can also use or preconfigure `--encrypt-to` which is added only when other recipient(s) are explicitly given; see https://www.gnupg.org/documentation/manuals/gnupg/GPG-Key-related-Options.html – dave_thompson_085 Jan 22 '21 at 03:17
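
The self-recipient round trip from the answer above, as an added example (not code from the original posts): it encrypts to the recipient and to your own key, decrypts with your secret key, and compares the result byte-for-byte with the file you meant to send. The identities `betty@example.test` and `me@example.test` and all function names are constructed for the example; as the comments note, the check runs on the same machine, so it catches mistakes such as encrypting the wrong file, not a compromised host.

```shell
#!/bin/sh
# Added example. betty@example.test and me@example.test are constructed
# throwaway identities in temporary keyrings; your real keyring is untouched.

# encrypt_with_self PLAINTEXT OUT RECIPIENT SELF
encrypt_with_self() {
    gpg --batch --yes --quiet --trust-model always --armor \
        --recipient "$3" --recipient "$4" \
        --output "$2" --encrypt "$1"
}

# matches_plaintext CIPHERTEXT PLAINTEXT
# Decrypt with the local secret key; exit 0 only if the bytes equal PLAINTEXT.
matches_plaintext() (
    tmp="$(mktemp)" || exit 2
    gpg --batch --yes --quiet --decrypt --output "$tmp" "$1" 2>/dev/null &&
        cmp -s "$tmp" "$2"
    rc=$?
    rm -f "$tmp"
    exit "$rc"
)

# demo_roundtrip: build two throwaway keyrings, then run both checks.
demo_roundtrip() (
    base="$(mktemp -d)" || exit 2
    mkdir -m 700 "$base/me" "$base/betty"
    gen() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
                --quick-generate-key "$1" default default never 2>/dev/null; }
    # The recipient's keyring: only her public key ever leaves it.
    GNUPGHOME="$base/betty"; export GNUPGHOME
    gen betty@example.test && gpg --armor --export betty@example.test > "$base/betty.asc"
    # The sender's keyring: own key pair plus the recipient's public key.
    GNUPGHOME="$base/me"
    gen me@example.test && gpg --batch --quiet --import "$base/betty.asc" 2>/dev/null
    printf 'Please buy baking soda tomorrow.\n' > "$base/doc.txt"
    printf 'some other text\n' > "$base/other.txt"
    # Must match the intended file and must not match a different one.
    encrypt_with_self "$base/doc.txt" "$base/msg.asc" betty@example.test me@example.test &&
        matches_plaintext "$base/msg.asc" "$base/doc.txt" &&
        ! matches_plaintext "$base/msg.asc" "$base/other.txt"
    rc=$?
    for h in me betty; do gpgconf --homedir "$base/$h" --kill all 2>/dev/null; done
    rm -rf "$base"
    exit "$rc"
)

# Run: demo_roundtrip && echo "round trip OK"
```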