Dear all,
perhaps in a contextual menu from a right click on a file, there should appear a new option to delete de selected file in a secure way: shred/wipe files/directories. I think is an interesting option join with encrypt/decrypt file/directory.
kind Regards,
Jordi
Sorry Jordy,
but from my opinion it is not the task of this software to deal with secure deletion of data. There are enough problems concerning encryption, certificates and signatures and I guess that the developers have enough work to do to keep the software as it is up to date.
On the other hand; there is enough, and even good software, to fulfil the task of data destruction.
I can understand You to have all functions within one piece of software, but on the other hand there also may be paranoid people then, who do not want to have all functions within one tool.
So I think that the developers should leave it as it is.
Kind regard
Andreas
Hi Jordi, Hi Andreas,
right now “secure deleting” is not on our roadmap, because it is a more low level function that is hard to get right or to do at all and most of Gpg4win is cross platform.
Thanks for letting us know about what you expect to come with Gpg4win!
We want to make software for you, so your opinions are highly appreciated!
Best,
Bernhard
When you delete a private key from your private-key-ring in GPG, doesn’t that get securely deleted? Or is it unsecurely deleted, such that it could be discovered by doing a low-level reading of harddrive sectors?
Hi Animedude,
as far as I know, GnuPG deletes files according to the operating system.
So it depends on your operating system (and probably the specific file system you are using). Consult security guides for your operation system how to protect
against losing information at this point.
Best,
Bernhard
In most operating systems, the “deletion” of data does not mean truly deleting it (writing over it with 0x00 bytes), but rather is just marked as unused so it can be rewritten later with other data. If private keys in your keyring are truly deleted using the operating system standards, and not using a separate deletion function, then that is INCREDIBLY LOW SECURITY, and is for all intents and purposes the same as giving out your private key. And make no mistake, using simple undelete software, it is incredibly EASY to recover deleted files. So if you are deleting your private key, you are probably doing so because you believe your computer is about to be compromised by an adversary. However, if GPG4Win is not truly deleting it, but rather just using the operating system’s “delete” capability, then you are for all intents and purposes NOT deleting it, but rather deceiving yourself into BELIEVING that you have deleted it. The adversary who’s closing in on your PC is more than likely carrying a USB drive with undelete software on it (which basically allows them to see all files and their content, including ones marked by the operating system as “deleted”).
Hi Animedude,
you are slightly shifting the topic from the original
a) an addition of a general secure file deletion function would be nice
to
b) how does Gpg4win delete its own internal files.
Let me state in general that secure file deletion is a hard problem
and thus the Gpg4win people recommend to use a specialised tool
to match your setup and security requirements.
To give one references to point at some of the problems:
http://www.cs.fsu.edu/~awang/papers/acsac2012.pdf
writes
“”“Unfortunately, existing per-file secure-deletion solutions tend
to be file-system- and storage-medium-specific, or limited to one
segment of the operating-system storage data path (e.g., the file
system) without taking into account other components (e.g.,
storage media type). For example, a secure deletion issued by a
program might not be honored by optimization software used on
typical flash devices that keep old versions of the data.
Solutions that rely on secure deletion of a stored encryption key
become a subset of this problem, because they, too, must have a
way to ensure the key is erased.
In addition, achieving secure deletion is hard due to diverse
threat models. “””
Best,
Bernhard
Ok, so my question is slightly different. Can you tell me how GPG4Win handles the destruction of its own internal files (such as the private key ring)? Does it use OS functions to do this? If so, does it first make sure that it overwrites its own files with all 0x00 bytes, before calling the operating system function to delete the file?
Hi Andreas,
I would like to know, in your opinión, what are a good programs to delete in a secure way files, directories and “free space”. I have found Eraser and Recuva. What do you think about?
Thanks and regards,
Jordi
Hello Jordi,
sorry for the late answer, I somehow missed Your mail.
in my opinion eraser is a good tool. Recuva is an unerase tool.
Another good tool for erasing, but no open source, is the secure eraser by ASCOMP:
Regards
Andreas
Thanks Andreas,
I have used eraser and it seems very good software to delete files in secure mode (you can choose the desired method from a lot of securely ones).
Regards,
Jordi
I have a different opinion, coming from PGP Desktop: In PGP Desktop on Windows the Explorer’s context menu was enhanced for a “Shred”.
AFAIR it would overwrite the file with random data first, then rename the file to some random name, and finally delete it. Possibly there were some extra measures specific to NTFS…
It does not need to extend the explorer’s context menu, but having extra entries in the File menu of Kleopatra to “shred” (wipe securely) files does make sense IMHO, and it’s not that hard to implement. I know that Linux nautilus (at least in Tails) can do that already, but WIndows lacks such a thing AFAIK.
Hi,
Bernhards Answer from 2015 is still valid. Securely deleting files is basically impossible if you do not control the firmware of the disk and/or the filesystem implementation. We consider this to be out of scope for us. Anything “easy” would be a bit like selling snake oil and that is not how we do things at Gpg4win. When we cannot guarantee that secure deletion actually works against forensic analysis we should not “pretend” to have such a feature.
Best Regards,
Andre