
Brief thoughts on secure communications with GPG keys in 2020+

Jake Thoughts, 24 Dec 2020 16:02:51 -0500

PGP/GPG encryption is assumed to be nice and secure; after all, if no one has the private key then no one can read the messages made with the public key. This is a small part of my understanding of PGP/GPG. I admit, I do not know much when it comes to PGP/GPG encryption, but there is one thing that comes to mind about securing the private key itself which does concern me: a hardware-level backdoor.

I am talking about Intel Management Engine and whatever AMD's equivalent is. Rumor has it that IME and AMD's equivalent have a secret processor on the CPU chip itself which allows it to... do anything a non-secret CPU processor can do? I don't know specifics; however, that is the worst scenario that I can come up with. The processor can connect to the internet, meaning no matter what, you are permanently pwned. Not necessarily by the spooks, but by anyone who knows how to access them. All it takes is one leak from the spooks or those companies and the backdoor will be accessible to anyone. Isn't that scary?

Knowing this, how can one transmit messages encrypted with PGP/GPG keys with modern hardware? Create a PGP/GPG pair with a computer that can NEVER connect to the internet and use that computer to encrypt/decrypt messages. Alternatively, maybe use a dinosaur of a computer as a daily driver. I am out of ideas.
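The offline-key workflow described above, as an added example that is not part of the original post: two separate GnuPG home directories stand in for the never-connected machine and the daily driver, and the script checks that the private key exists only on the offline side. The user ID, file names and directory layout are constructed for the demo, and the empty passphrase is an assumption made so it runs unattended.

```shell
#!/usr/bin/env bash
# Added example: simulate the air-gapped key workflow with two keyrings.
# "offline" and "online" are constructed stand-ins for two physical machines.

airgap_demo() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg not found" >&2; return 127; }
    local work offline online uid msg
    work=$(mktemp -d) || return 1
    offline="$work/offline"; online="$work/online"
    mkdir -m 700 "$offline" "$online"
    uid='demo@example.invalid'              # constructed user ID
    msg='constructed sample message'        # constructed plaintext

    # 1. Offline machine: generate the key pair. The empty passphrase is
    #    demo-only; a real offline key should still carry a passphrase.
    gpg --homedir "$offline" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "Offline Demo <$uid>" \
        default default never 2>/dev/null || return 1

    # 2. Only the PUBLIC key leaves the offline machine (e.g. on removable media).
    gpg --homedir "$offline" --batch --armor --export "$uid" > "$work/pub.asc"

    # 3. Online machine: import the public key and encrypt to it.
    gpg --homedir "$online" --batch --quiet --import "$work/pub.asc" 2>/dev/null
    printf '%s' "$msg" | gpg --homedir "$online" --batch --quiet --armor \
        --trust-model always --recipient "$uid" --encrypt \
        > "$work/msg.asc" 2>/dev/null

    # 4. Verify the online keyring holds no secret key material.
    ONLINE_SECRET_KEYS=$(gpg --homedir "$online" --batch --with-colons \
        --list-secret-keys 2>/dev/null | grep -c '^sec:' || true)

    # 5. The ciphertext is carried back and decrypted on the offline machine.
    DECRYPTED=$(gpg --homedir "$offline" --batch --quiet \
        --pinentry-mode loopback --passphrase '' \
        --decrypt "$work/msg.asc" 2>/dev/null)

    # Stop the per-homedir agents and remove the demo keyrings.
    gpgconf --homedir "$offline" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$online" --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
}
```

After calling `airgap_demo`, `ONLINE_SECRET_KEYS` holds the number of secret keys found on the online side and `DECRYPTED` holds the recovered plaintext. In this workflow the plaintext of received messages also only ever exists on the offline machine.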

These are my brief thoughts on the matter. I dislike modern hardware more and more. Sometimes I wish I was a caveman. Or a monkey🐒. OOH OOH AAH AHH!

I am going to change my public GPG key that I've put on this website. If you have imported it, sorry, it's compromised. I'll attach a note to one of my opinion pieces after I do it. I thought it would be cool to sign my posts, but I realized that it would be easy for the spooks to pretend to be me, assuming they even wanted to.