Blog indexRolling🥎blogPermalink

Brief thoughts on secure communications with GPG keys in 2020+

Jake Thoughts24 Dec 2020 16:02:51 -0500

PGP/GPG encryption is assumed to be nice and secure, after all if no one has the private key then no one can read the messages made with the public key. This is a small part of my understanding of PGP/GPG. I admit, I do not know much when it comes to PGP/GPG encryption but there is one thing that does come to mind about the securing the private key itself which does concern me: hardware level backdoor.

I am talking about Intel Management Engine and whatever is AMD's equivalent. Rumor has it that IME and AMD's equivalent has a secret processor on the CPU chip itself which allows it to... do anything a non-secret CPU processor can do? I don't know specifics however that is the worst scenario that I can come up with. The processor can connect to the internet, meaning no matter what, you are permanently pwned. Not necessarily by the spooks, but by anyone who knows how to access them. All it takes is one leak from the spooks or those companies and the backdoor will be accessible to anyone. Isn't that scary?

Knowing this, how can one transmit messages encrypted with PGP/GPG keys with modern hardware? Create a PGP/GPG pair with a computer that can NEVER connect to the internet and use that computer to encrypt/decrypt messages. Alternatively, maybe use a dinosaur of a computer as a daily driver. I am out of ideas.

These are my brief thoughts on the matter. I dislike modern hardware more and more. Sometimes I wish I was a caveman. Or a monkey🐒. OOH OOH AAH AHH!

I am going to change my public GPG key that I've put on this website. If you have imported it, sorry, it's compromised. I'll attach a note to one of my opinion pieces after I do it. I thought it would be cool to sign my posts, but I realized that it would be easy for the spooks to pretend to be me, assuming they even wanted too.

Other thoughts

Random Name on 2021-04-18,12:35:58 said:

There is no evidence the ME is a backdoor and it wouldn't make sense for it to be one. Intel could add a backdoor into any part of the CPU they wanted to. Adding one into a public and widely criticised part just makes no sense.

Jake on 2021-04-18,15:48:11 said:

It doesn't have to make sense for it to happen. I know this is a cop out and not a real answer, but I also know the only direction this conversation would go is: "Where is the proof?" The quick-fix which I described as no-internet-computer or old-CPU is good enough for me and I think other privacy oriented people. Rereading my opinion piece makes me wish I was not as dramatic. "Secret processor!" "Spooks!" "Pwned!" Am I a child?

Due to abuse (the comments you see now are not abuse), commenting will be disabled for sometime. Send an email or something.