Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Groups keyboard shortcuts have been updated
Dismiss
See shortcuts

Storing PGP messages

1 view
Skip to first unread message

wade

unread,
Nov 16, 2004, 4:40:01 PM11/16/04
to
Hi,

I'm a big fan of PGP. I often visit the UK where you can get 2 years in pokey
for not handing over your keys (if the authorities ever wanted to search my PC).
What I would like to do is find a way of disguising PGP messages which I have
stored. I have written one very simple program which will take a Base64 message
and store the character codes in a csv dataset (which is not out of place on my
PC). Does anyone have any other suggestions?

My mission is to have encrypted messages conveniently available, but not
identifiable as such. I have looked at programs like Truecrypt, but I am not
happy with the lack of 'stealth'. The storage of PGP messages does not have to
be crack-proof, more 'not obviously an encrypted message'. I would be happy(!)
to hand over my key to the authorities, but would prefer it if they didn't read
all the messages.

I would appreciate your thoughts.

A.Melon

unread,
Nov 16, 2004, 8:12:29 PM11/16/04
to mail...@dizum.com, mail...@freedom.gmsociety.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <2vvadqF...@uni-berlin.de>

You can always buy a little pendrive or memory stick and keep
everything on it. It's easy to carry along and hide. Encrypting
it with Truecrypt is a good idea (just in case). It's easiest
and in your situation the best solution.

Steganographic software could also help you. For example
DriveCrypt allows to create a virtual encrypted disk within a
.wav file.

You should work_only on your hidden disk or pendrive, but even
then you must wipe freespace of your HDD (Windows is creating
lots of temp files).

If you don't want to have encryption/steganographic software
other than PGP on your disk, you can always create and use
BartPE with encryption/steganographic tools. It's a bootable
Windows XP.You can burn it on a mini CD or copy to a pendrive.
It's a really good tool. It lefts no traces o HDD. It's using
only RAM.
If you need BartPE with cryptographic/steganographic tools and
don't know how to make your own, you can always contact necro
(necro1234 [at] yahoo NO.SPAM .com) and download BartPE Crypto
from him.
It has everything you need.

Read "Security and Encryption FAQ" by Doctor Who
http://www.panta-
rhei.dyndns.org/pantawiki/SecurityAndEncryptionFaq
it should help you.

Regards

cypher

-----BEGIN PGP SIGNATURE-----
Version: N/A

iQA/AwUBQZqZuSPnLg7nPH4AEQLM2gCgzOGYDIxGWNuiqnmcONEpbievWJQAoNBd
JB+KDStktyjgpjBZxcYybSfi
=OQdV
-----END PGP SIGNATURE-----

Neil W Rickert

unread,
Nov 16, 2004, 9:44:16 PM11/16/04
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

wade <m...@privacy.net> writes:

>My mission is to have encrypted messages conveniently available, but not
>identifiable as such. I have looked at programs like Truecrypt, but I am not
>happy with the lack of 'stealth'. The storage of PGP messages does not have to
>be crack-proof, more 'not obviously an encrypted message'. I would be happy(!)
>to hand over my key to the authorities, but would prefer it if they didn't read

It's no good asking here. If we suggest any good method of
concealing the files, we are at the same time publishing that
method. You need to invent a method on your own that nobody else can
think of and identify.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.91 (SunOS)

iD8DBQFBmrr9vmGe70vHPUMRAqQnAKCN2YO9pEPg/HkAdzLzTUUYegjLVwCg+ODI
fcJBECbUp2dWKdhrdq/HA9A=
=OjBN
-----END PGP SIGNATURE-----

Arthur T.

unread,
Nov 16, 2004, 11:24:21 PM11/16/04
to
In Message-ID:<2vvadqF...@uni-berlin.de>,
wade <m...@privacy.net> wrote:

>My mission is to have encrypted messages conveniently available, but not
>identifiable as such. I have looked at programs like Truecrypt, but I am not
>happy with the lack of 'stealth'. The storage of PGP messages does not have to
>be crack-proof, more 'not obviously an encrypted message'. I would be happy(!)
>to hand over my key to the authorities, but would prefer it if they didn't read
>all the messages.

Bestcrypt has a semi-stealth feature. You can create an
encrypted disk and put some data on it. You can then created a
hidden encrypted disk inside of it. If forced to give a password,
give them the pswd of the 1st-level disk, which does not have your
PGPed data. They've done their best to make sure that there is no
indication that a 2nd-level disk exists.

www.jetico.com - I have no relationship with them except as a
satisfied customer. (P.S., it's not freeware, but they have a
30-day trial.)

--
Arthur T. - ar23hur "at" speakeasy "dot" net
Looking for a good MVS systems programmer position

wade

unread,
Nov 17, 2004, 1:24:13 PM11/17/04
to
Neil W Rickert wrote:
> wade <m...@privacy.net> writes:
>
>
>>>My mission is to have encrypted messages conveniently available, but not
>>>identifiable as such. I have looked at programs like Truecrypt, but I am not
>>>happy with the lack of 'stealth'. The storage of PGP messages does not have to
>>>be crack-proof, more 'not obviously an encrypted message'. I would be happy(!)
>>>to hand over my key to the authorities, but would prefer it if they didn't read
>
> It's no good asking here. If we suggest any good method of
> concealing the files, we are at the same time publishing that
> method. You need to invent a method on your own that nobody else can
> think of and identify.


lol. of course, and thanks for replying anyway. I was just looking for some
ideas. I will have a look at the suggestions made by the others. Thanks to them.

Max Mustermann

unread,
Nov 17, 2004, 7:31:38 PM11/17/04
to mail...@dizum.com, mail...@freedom.gmsociety.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <cnedu0$392$2...@usenet.cso.niu.edu>


Neil W Rickert <ricke...@cs.niu.edu> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> wade <m...@privacy.net> writes:
>
> >My mission is to have encrypted messages conveniently available, but not
> >identifiable as such. I have looked at programs like Truecrypt, but I am not
> >happy with the lack of 'stealth'. The storage of PGP messages does not have to
> >be crack-proof, more 'not obviously an encrypted message'. I would be happy(!)
> >to hand over my key to the authorities, but would prefer it if they didn't read
> It's no good asking here. If we suggest any good method of
> concealing the files, we are at the same time publishing that
> method. You need to invent a method on your own that nobody else can
> think of and identify.


Authorities can record your mail, so hiding or deleting them if
they have it will make no sense if you will handle the key, so
you should connect to your mailbox using SSL or SSH.

I've got some simple method that is effective even whey
authorities know it.

Just change your encryption key and leave your signing key
intact.
Everything that was mailed to you will be unrecoverable.
It's not a good solution if you want to store your messages for
a long time, but very easy and fast if they should stay secret.

Another one is to not store your encrypted mail on your computer
but on another machine somewhere in other country, and work with
them on-line using encrypted connection.

I hope that my suggestions will help you a bit.

Regards

cypher

-----BEGIN PGP SIGNATURE-----
Version: N/A

iQA/AwUBQZvP0iPnLg7nPH4AEQJ8wwCdElFPTQdMK0LENJWraofzLgdqC4AAnips
NgtjUNQ89Vn8J7ds7ut8Hi9e
=QPZ5
-----END PGP SIGNATURE-----

Thomas J. Boschloo

unread,
Nov 27, 2004, 11:17:00 AM11/27/04
to
-----BEGIN PGP SIGNED MESSAGE-----

wade wrote:
| Hi,
|
| I'm a big fan of PGP. I often visit the UK where you can get 2 years in
| pokey for not handing over your keys (if the authorities ever wanted to
| search my PC).
| What I would like to do is find a way of disguising PGP messages which I
| have stored. I have written one very simple program which will take a
| Base64 message and store the character codes in a csv dataset (which is
| not out of place on my PC). Does anyone have any other suggestions?

Adam Back wrote a utility for pgp 2.6.3i. It will strip off the headers
that identify the message as a pgp message. After running PGPStealth
<http://cypherspace.org/adam/stealth/> you can steg the data into a
picture with a program like F5
<http://wwwrn.inf.tu-dresden.de/~westfeld/f5.html> (written in Java,
note that Outguess can detect the stego and if you use existing
pictures, the different binaries will indicate that one of the pictures
was tempered with).

Another good stego program is Scramdisk
<http://samsimpson.com/cryptography/scramdisk/>. It will hide your
messages inside an encrypted volume or even WAV files.

| My mission is to have encrypted messages conveniently available, but not
| identifiable as such. I have looked at programs like Truecrypt, but I am
| not happy with the lack of 'stealth'. The storage of PGP messages does
| not have to be crack-proof, more 'not obviously an encrypted message'. I
| would be happy(!) to hand over my key to the authorities, but would
| prefer it if they didn't read all the messages.
|
| I would appreciate your thoughts.

PGP Stealths documentation will give you a view on some of the pitfalls
you are having now that you might not know about...

HTH,
Thomas J.

(X-Posted to alt.security.scramdisk, as the OTFE discussion seems to be
more on topic there)
- --
The Thraddash: "So, what's this? SNORT! An unknown alien species?"
"How wonderful! Someone new to fight!"
Full Game Win/Mac/Linux: <http://sc2.sourceforge.net>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQB5AwUBQaiofAEP2l8iXKAJAQE/ogMgk4+gQsJDCUlVL2vwmbiwCR/DLz2B2Ymr
E+Xl41T7MONBRLFfKTKN3IVjAgyjIPaU4LIGeMHpFGXMVITSQXbhpt4hRyeJqRlK
WTo9ilcVu4C2VDJiE8/9RDcqurW7h3IKeHt02w==
=+QcV
-----END PGP SIGNATURE-----

0 new messages