GPG Wipe Keys from RAM on Suspend

GPG Wipe Keys from RAM on Suspend

GnuPG - Dev mailing list
Hi. I came across a new cryptsetup feature that is supposed to protect
user data while the PC is in standby. It wipes the key from RAM when
sleep events are triggered. While it protects LUKS, other data and keys
loaded in RAM at the time are still vulnerable to forensic recovery. Can
you please consider adding a sleep key cache wipe feature to GPG?

[1] https://blog.freesources.org//posts/2020/08/cryptsetup-suspend/



_______________________________________________
Gnupg-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: GPG Wipe Keys from RAM on Suspend

GnuPG - Dev mailing list
On Sat, 19 Sep 2020 23:10, procmem--- said:
> Hi. I came across a new cryptsetup feature that is supposed to protect
> user data while the PC is in standby. It wipes the key from RAM when
> sleep events are triggered. While it protects LUKS, other data and keys
> loaded in RAM at the time are still vulnerable to forensic recovery. Can
> you please consider adding a sleep key cache wipe feature to GPG?

That has existed for ages:

  gpgconf --reload gpg-agent

is all you need.  However, the platforms all differ a lot on how
to run scripts on power events and thus the distros need to implement
this.


Shalom-Salam,

   Werner

--
Thoughts are free.  Exceptions are regulated by a federal law.

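One way a distribution could tie the command from the reply above to power events, as an added example that is not part of the thread or of GnuPG: a systemd system-sleep hook. The file name, the helper function names, the use of `runuser` and the default GnuPG home directory are assumptions; systemd-sleep runs hooks from `/usr/lib/systemd/system-sleep/` as root with `pre` or `post` as the first argument.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed install path (hypothetical name):
#   /usr/lib/systemd/system-sleep/50-gpg-agent-flush
# systemd-sleep runs hooks as root: $1 is "pre" or "post", $2 is the sleep action.

# Print the numeric uid of every user that owns a running gpg-agent.
agent_uids() {
    ps -C gpg-agent -o uid= 2>/dev/null | tr -d ' ' | sort -u
}

# Run the command from the thread as that user, so it reaches the user's
# own agent socket instead of root's. Assumes the default GnuPG home directory.
reload_for_uid() {
    entry=$(getent passwd "$1") || return 1
    name=${entry%%:*}
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    runuser -u "$name" -- env HOME="$home" gpgconf --reload gpg-agent
}

# Flush every running agent; report a failure but keep going, so one broken
# account does not leave the other users' cached passphrases in RAM.
flush_all_agents() {
    failed=0
    for u in $(agent_uids); do
        reload_for_uid "$u" || { echo "gpg-agent flush failed for uid $u" >&2; failed=1; }
    done
    return "$failed"
}

# Act only before the machine goes down; there is nothing to wipe on resume.
on_sleep_event() {
    case "$1" in
        pre) flush_all_agents ;;
        *)   return 0 ;;
    esac
}

on_sleep_event "$@"
```

The hook covers every sleep action systemd passes as `$2` (suspend, hibernate and the hybrid variants), because it only inspects the `pre`/`post` argument.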