[Cryptography] Using Raspberry Pis

[Nathan Dorfman]

On Sun, Jan 05, 2014 at 08:38:11PM -0800, Tom Mitchell wrote:
> Network performance on the Raspberry Pi suffers because
> of the hardware design with networking hanging off a USB bus.
> 
> Having said this each of these features need not live on a single
> board.   Development and operations can be ported,  tested, developed
> on both the Ras-Pi or the BBB.   For development the Rasp-Pi is the winner.
> 
> One thought is the BBB is astoundingly portable and
> the OS can live on an easy to carry  microSD card.

I have yet to play with the BBB, but the Raspberry Pi makes a great, cheap
air-gap box. For instance, I write science fiction stories that I don't want
anyone to read (I just don't think I could take that kind of rejection). I
use a $25 Raspberry Pi model A, which boots right into my word processing
software with only an encrypted LUKS partition and tmpfs writable. I can
take it with me anywhere HDMI displays and USB keyboards can be found. If I
really need to travel light, it's just the microSD card as you say, which
can be accessed on any appropriately secured Linux machine.

What I would like next is a solution for PGP keys, and I'm a total noob at
this so I'd like to hear what you guys think. One simple solution would seem
to be a Raspberry Pi on the local network that exposes nothing but a gpg
command line interface over ssh, with one time authentication to prevent
replays of the passphrase. Signed messages would be sent right back, but
decrypted ones could only be shown via the RaPi's HDMI out port.

How can this be improved? Would a serial connection (and no networking) be
best? It seems safer than moving physical storage media back and forth --
those USB drives have a decent track record as an attack vector.

-nd.