
GPG Wipe Keys from RAM on Suspend
Hi. I came across a new cryptsetup feature that is supposed to protect
user data while the PC is in standby. It wipes the key from RAM when
sleep events are triggered. While it protects LUKS, other data and keys
loaded in RAM at the time are still vulnerable to forensic recovery. Can
you please consider adding a sleep key cache wipe feature to GPG?

[1] https://blog.freesources.org//posts/2020/08/cryptsetup-suspend/

Re: GPG Wipe Keys from RAM on Suspend
On Sat, 19 Sep 2020 23:10, procmem--- said:
> Hi. I came across a new cryptsetup feature that is supposed to protect
> user data while the PC is in standby. It wipes the key from RAM when
> sleep events are triggered. While it protects LUKS, other data and keys
> loaded in RAM at the time are still vulnerable to forensic recovery. Can
> you please consider adding a sleep key cache wipe feature to GPG?

That has existed for ages:

gpgconf --reload gpg-agent

is all you need. However, the platforms all differ a lot on how
to run scripts on power events and thus the distros need to implement
this.


Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
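
One way a distro could wire the command from the reply above to suspend events, as an added example that is not part of the thread or of GnuPG. It assumes a systemd system-sleep hook, util-linux runuser, procps ps/pkill and agents using the default GnuPG home directory; the hook file name and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: systemd system-sleep hook, run as root.
# Assumed install path: /usr/lib/systemd/system-sleep/gpg-agent-flush (0755).
# systemd calls each hook with $1 = pre|post and $2 = the sleep type.

# Overridable commands, so the logic can be tested without root or agents.
: "${LIST_PROCS:=ps -e -o uid= -o comm=}"  # one "UID COMMAND" pair per line
: "${RUN_AS:=runuser -u}"                  # takes a user name
: "${SIGNAL_AGENTS:=pkill -HUP -x -u}"     # fallback: SIGHUP by numeric UID

# Cached keys must go just before sleep, whatever the sleep type.
should_flush() { [ "$1" = "pre" ]; }

# Numeric UIDs that own at least one running gpg-agent, each listed once.
agent_uids() {
    $LIST_PROCS | awk '$2 == "gpg-agent" { print $1 }' | sort -un
}

# User name for a numeric UID; empty when passwd has no entry.
uid_name() { getent passwd "$1" | cut -d: -f1; }

# Reload one user's agent with the command from the reply. If that fails
# (no passwd entry, non-default homedir), fall back to SIGHUP, which the
# gpg-agent manual documents as flushing all cached passphrases.
flush_uid() {
    name=$(uid_name "$1")
    if [ -n "$name" ] &&
       $RUN_AS "$name" -- gpgconf --reload gpg-agent >/dev/null 2>&1; then
        return 0
    fi
    $SIGNAL_AGENTS "$1" gpg-agent >/dev/null 2>&1
}

# Flush every agent; print how many users could not be handled.
flush_all() {
    failed=0
    for uid in $(agent_uids); do
        flush_uid "$uid" || failed=$((failed + 1))
    done
    echo "$failed"
}

if should_flush "${1:-}"; then
    failed=$(flush_all)
    [ "$failed" -eq 0 ] ||
        logger -t gpg-agent-flush "agents not reloaded for $failed user(s)"
fi
```

The hook only drops what gpg-agent caches; keys held by other processes at suspend time are outside its reach.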