08/08/2017 (Tue) 03:51:02
STEP 13) Air Gapping It
To add an extra layer of security we will be using A:\ drive floppy disks to shuttle the encrypted.asc messages to and from a dedicated airgapped encryption station preferably running openBSD on a non-intel architechture, SPARC, PowerPC, Alpha, etc. Do not use USB as a substitute for this step (STUXNET).
0. Your decryption station will have full disk encryption and be powered off when not in use
1. Generate your keys on the air gap
2. Export your public key,change the file permisions to read only and save it onto a floppy disk A:\
3. Take the floppy disk and sneaker net it to your transmision computer which has the hidden service and postfix on it.
4. Publish your anonymous user name and public key as well as the hidden service onion name using tor and icecat, links, or endcurl or however on your tor hidden service website or on a message board forum like endchan.xyz.
5. Recieve the hidden service onion name and public key of your correspondent ( by reading a published name,address and public key on a forum or other communication method or by recieving it in your inbox by postfix after publishing yours)
6. Save the public key of your correspondent onto a floppy disk A:\ change permisions to read only write a sha256sum checksum for the file and shuttle it to the decryption/encryption station.
7. check the file againts the checksum, and then gpg import the public key to your key ring
8. Type a message for your recipient in plain text on the air gapped encryption station and encrypt it to encrypted.asc. Delete the plain text file if unnecessary to archive especially if it is incriminating.
9. Write the encrypted message encrypted.asc to the floppy disk and change permisions to read only also write the sha256 sum of the file to the floppy if you have space.
10. Shuttle the message by floppy disk A:\ to the transmission computer and send to your recipient using endmail
11. You can also write the sha256 sum of the file or sha512sum of the file onto the disk before sneaker netting it.
12. You can include this sha256 checksum as another attachment to transmit to the recipient or as a second followup email
Message too long. Click here to view full text.
Edited last time by Endwall on 08/08/2017 (Tue) 04:21:15.