0

We have a bit of software that retrieves a file from a client, unencrypts it, processes it, encrypts the results, and sends it back.

We use PGP keys (our private to decrypt, their public to encrypt).

However it occurs to me that although we delete the file after we've processed it, it may be possible in theory to use an undelete tool to get it from the hard disk.

At the moment we use the gpg2.exe program as part of gpg4win to to the pgp decryption so I am not sure we can decrypt it directly to memory so it never touches the hard disk.

Is there a simple way to ensure it's completely gone for good when deleting it?

NibblyPig
  • 51,118
  • 72
  • 200
  • 356

3 Answers3

2

You could check if the gpg program allows getting the output from stdout instead of writing it to a file, so it doesn't get written to disk. Possibly there is also a C# or C++ library that could do the same.

If you have to use an intermediate file, you can make it a bit harder by overwriting the contents with random data a few times before deleting it, or using a specialised shredder tool to delete it.

As an aside: Note that if you are paranoid enough to worry about someone using special software to recover deleted data, you may also want to worry about fragments of the data remaining in RAM.

CompuChip
  • 9,143
  • 4
  • 24
  • 48
  • stdout might work, some of the files are 200mb+ though if that makes a difference? I'll consider the overwriting thing. It's not really for any practical benefit but instead for meeting certain guidelines and requirements about data security that some clients require. – NibblyPig Oct 25 '13 at 15:26
  • I haven't really tested reading those amounts of data from stdout, but I think that if you are able to take a 200 MB file in memory this should work too. I did recently use ProcessInfo.RedirectStandardOutput (and ProcessInfo.RedirectStandardError!) for smaller amounts of data and it worked fine. – CompuChip Oct 25 '13 at 16:26
0

You can use Wipe utility (http://wipe.sourceforge.net/) to, hm, wipe the unencrypted data.

Nickolay Olshevsky
  • 13,706
  • 1
  • 34
  • 48
0

Yes, it's trivial to both undelete the file and capture it on-the-fly as it's being written. So the safer approach is to use an OpenPGP library to perform all operations in memory (unless you have huge files that just don't fit into memory).

You need to remember that memory is also swapped to disk so if you have a top-secret data, your task becomes more complicated - you would need to create memory blocks that are not swapped, and somehow use them from .NET.

There's one more complication - if your application decrypts the data, then it has a private key nearby. There's a good chance for the attacker to steal the encryption key and then steal encrypted files and decrypt them.

So your main problem is outside of the disk - it's in ensuring security of the computer system in whole.

Eugene Mayevski 'Callback
  • 45,135
  • 8
  • 71
  • 121