
Communicating with an air-gapped system


Posted Oct 3, 2017 9:46 UTC (Tue) by epa (subscriber, #39769)
Parent article: Strategies for offline PGP key storage

Wouldn't the old-fashioned serial port be a better choice than USB for getting information to and from your air-gapped system? The serial port can even be constrained in hardware to be output-only, or input-only, just by not connecting some of the pins.



Communicating with an air-gapped system

Posted Oct 3, 2017 11:52 UTC (Tue) by Funcan (guest, #44209) [Link]

It would, if only I owned a single machine with a serial port...

You can start to look at USB <-> serial converters and such, but really they just become an implementation detail of "design a secure dongle".

Communicating with an air-gapped system

Posted Oct 3, 2017 17:57 UTC (Tue) by drag (guest, #31333) [Link] (1 responses)

If you want something really dumb and simple and one-way, then printing out to a QR code and getting a brain-dead 2D code scanner may be useful. The simple scanners are essentially just keyboards that type out whatever you scan in + a programmable code (tab key vs. return key, etc.).

You could print out the master code, destroy the digital copies and just use that. You could even be all cloak and dagger, encrypt the master and split the code up into 2 or more fragments. Keep one half locked in your desk and the second half in a laminated card in your wallet. Or maybe have a 'little black book' of keys you can scan in and then have the password to decrypt them in your wallet.

The downside is that you lose all the features of a proper keycard. The upside is that pretty much everything you need is at your local office supply store.

Communicating with an air-gapped system

Posted Oct 5, 2017 13:17 UTC (Thu) by genaro (subscriber, #82632) [Link]

> If you want something really dumb and simple and one-way, then printing out to a QR code and getting a brain-dead 2D code scanner may be useful. The simple scanners are essentially just keyboards that type out whatever you scan in + a programmable code (tab key vs. return key, etc.).

I did a research paper in college on this topic. It's feasible to export ASCII-armored keys and read them with QR. 4096-bit RSA keys are rough, but workable. With newer EC keys the QR method gets much, much easier.
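The QR transfer discussed in the comments above, as an added sketch that is not from any commenter: it cuts an ASCII-armored export into numbered, checksummed fragments (one per QR code) and rebuilds them regardless of scan order, refusing incomplete or altered sets. The 800-character fragment size, the `n/total:sha256:payload` header layout and the function names are assumptions; the sample block is constructed filler, not a real key, and rendering each fragment as a QR image is left to whatever tool is at hand.

```python
import base64
import hashlib

CHUNK = 800  # assumed payload characters per QR code (conservative; not from the thread)

# Constructed filler shaped like an ASCII-armored export; NOT a real key.
SAMPLE = ("-----BEGIN PGP PRIVATE KEY BLOCK-----\n\n"
          + base64.encodebytes(bytes(range(256)) * 8).decode("ascii")
          + "-----END PGP PRIVATE KEY BLOCK-----\n")

def split_for_qr(armored: str, chunk: int = CHUNK) -> list[str]:
    """Cut armored text into fragments of the form 'n/total:sha256:payload'."""
    digest = hashlib.sha256(armored.encode("ascii")).hexdigest()
    parts = [armored[i:i + chunk] for i in range(0, len(armored), chunk)]
    return [f"{n}/{len(parts)}:{digest}:{p}" for n, p in enumerate(parts, 1)]

def reassemble(fragments: list[str]) -> str:
    """Rebuild the text from fragments scanned in any order, or raise ValueError."""
    if not fragments:
        raise ValueError("no fragments scanned")
    seen, total, digest = {}, None, None
    for frag in fragments:
        pos, frag_digest, payload = frag.split(":", 2)  # payload may contain ':'
        n, t = (int(x) for x in pos.split("/"))
        if total is None:
            total, digest = t, frag_digest
        elif (t, frag_digest) != (total, digest):
            raise ValueError("fragment belongs to a different export")
        if not 1 <= n <= total:
            raise ValueError(f"bad fragment index {n}")
        seen[n] = payload  # rescanning the same code is harmless
    missing = [n for n in range(1, total + 1) if n not in seen]
    if missing:
        raise ValueError(f"missing fragments: {missing}")
    text = "".join(seen[n] for n in range(1, total + 1))
    if hashlib.sha256(text.encode("ascii")).hexdigest() != digest:
        raise ValueError("checksum mismatch: rescan the codes")
    return text

if __name__ == "__main__":
    codes = split_for_qr(SAMPLE)
    print(len(codes), "codes needed")
    assert reassemble(codes[::-1]) == SAMPLE
```

The fragment count grows linearly with the armored length, so a shorter export needs fewer codes to print and scan.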

