Koch: A New Future for GnuPG

Posted Jan 3, 2022 20:20 UTC (Mon) by ballombe (subscriber, #9523)
In reply to: Koch: A New Future for GnuPG by vadim
Parent article: Koch: A New Future for GnuPG

Using a library means sensitive data end up in the process memory space and might be swapped out to disk, or leaked by other mean.

to post comments

Koch: A New Future for GnuPG

Posted Jan 3, 2022 20:41 UTC (Mon) by NYKevin (subscriber, #129325) [Link]

There is no reason a separate process has to behave like /usr/bin/gpg does (i.e. en/decrypt one message at a time, then exit). You could have a gpg-like daemon and send it commands over a pipe or (Unix domain) socket. You could even order it to zero and free all heap allocations, kill itself, and relaunch at the end of each session, or separate instances could be launched by each process which wants to use GPG functionality (just make sure they kill themselves after a reasonable amount of idle time has elapsed so they can't be orphaned for too long). Such a daemon could also sandbox itself, e.g. by running inside of some sort of heavily-restricted container.

Koch: A New Future for GnuPG

Posted Jan 4, 2022 17:30 UTC (Tue) by vadim (guest, #35271) [Link] (2 responses)

How does a process make that any better? If GPG is decrypting something for you, you end up with cleartext on the output, then it's your responsibility to deal with that properly.

I also don't see why a library couldn't do that. These days gpg runs as a normal user, because locking a small amount of memory is allowed by the kernel without any extra privileges. So a hypothetical libgpg could just do that.

Koch: A New Future for GnuPG

Posted Jan 4, 2022 17:44 UTC (Tue) by ballombe (subscriber, #9523) [Link]

At least the decrypted private keys, nonce used and anciliary secrets are not exposed.

Koch: A New Future for GnuPG

Posted Jan 4, 2022 18:07 UTC (Tue) by ibukanov (subscriber, #3942) [Link]

In-process library implementing crypto in software can be attacked via Spectre. So to protect against key and password leaks a separated process must be used with defenses against cross-process attacks exploiting hardware vulnerabilities that are not yet fixed.