STEP 13) Air Gapping It
To add an extra layer of security, we will use floppy disks (A:\) to shuttle the encrypted.asc messages to and from a dedicated air-gapped encryption station, preferably running OpenBSD on a non-Intel architecture (SPARC, PowerPC, Alpha, etc.). Do not use USB as a substitute for this step (STUXNET).
0. Your decryption station will have full disk encryption and be powered off when not in use.
1. Generate your keys on the air gap.
2. Export your public key, change the file permissions to read only and save it onto a floppy disk A:\
3. Take the floppy disk and sneaker net it to your transmission computer, which has the hidden service and postfix on it.
4. Publish your anonymous user name, public key and hidden service onion name, using Tor with icecat, links, endcurl or similar, on your Tor hidden service website or on a message board forum like endchan.xyz.
5. Receive the hidden service onion name and public key of your correspondent (by reading a published name, address and public key on a forum or other communication method, or by receiving it in your inbox via postfix after publishing yours).
6. Save the public key of your correspondent onto a floppy disk A:\, change permissions to read only, write a sha256sum checksum for the file, and shuttle it to the decryption/encryption station.
7. Check the file against the checksum, and then gpg import the public key to your key ring.
8. Type a message for your recipient in plain text on the air-gapped encryption station and encrypt it to encrypted.asc. Delete the plain text file if it is unnecessary to archive, especially if it is incriminating.
9. Write the encrypted message encrypted.asc to the floppy disk and change permissions to read only. Also write the sha256 sum of the file to the floppy if you have space.
10. Shuttle the message by floppy disk A:\ to the transmission computer and send it to your recipient using endmail.
11. You can also write the sha256 sum or sha512sum of the file onto the disk before sneaker netting it.
12. You can include this sha256 checksum as another attachment to transmit to the recipient, or send it as a second follow-up email.
13. Receive an encrypted message response from postfix, change its file permissions to read only ( chmod ugo-xw encrypted.asc ) and copy it onto a floppy disk A:\
14. Take the sha256sum of the file and also write it onto the floppy disk with ( sha256sum encrypted.asc >> sha256sum.txt ; chmod ugo-xw sha256sum.txt ; cp sha256sum.txt /mnt/floppy/ ), using wherever the floppy is mounted rather than the raw device /dev/fd0.
15. Shuttle this by sneaker net to the decryption station, check the sha256 sum against the file value and decrypt with gpg. Delete the plaintext response, and either write a response and repeat, or reboot the computer.
16. Power off the air-gapped decryption station after communications have ended to protect your station.
This step protects against keylogging or other malware revealing your message during composition before encryption.
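The stage-and-verify half of the steps above, as an added example that is not part of the original guide. It assumes GNU coreutils sha256sum; the function names and the MEDIA argument (the mounted floppy, for example /mnt/floppy) are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original guide. Assumes GNU coreutils sha256sum.
# MEDIA stands for the mounted floppy (e.g. /mnt/floppy); any directory works.

# stage_for_transfer FILE MEDIA
# Copy FILE onto MEDIA with a checksum beside it and make both read-only.
# Returns 2 if anything could not be read or written.
stage_for_transfer() {
    file=$1; media=$2
    [ -f "$file" ] && [ -d "$media" ] || return 2
    name=$(basename "$file")
    cp "$file" "$media/$name" || return 2
    # Hash the original, not the copy, so a bad write to the disk is caught
    # when the other station re-reads the file.
    hash=$(sha256sum < "$file" | cut -d' ' -f1) || return 2
    # Same "hash  name" layout sha256sum prints, so "sha256sum -c" accepts it.
    printf '%s  %s\n' "$hash" "$name" > "$media/$name.sha256" || return 2
    chmod ugo-xw "$media/$name" "$media/$name.sha256"
}

# verify_transfer NAME MEDIA
# Returns 0 only if MEDIA/NAME hashes to the value recorded for it,
# 1 on a mismatch, 2 if the file or its checksum is missing.
# Run gpg (import or decrypt) only after this returns 0.
verify_transfer() {
    name=$1; media=$2
    [ -f "$media/$name" ] && [ -f "$media/$name.sha256" ] || return 2
    expected=$(cut -d' ' -f1 "$media/$name.sha256")
    actual=$(sha256sum < "$media/$name" | cut -d' ' -f1)
    # An empty or multi-line checksum file never matches a single hash.
    [ -n "$expected" ] && [ "$expected" = "$actual" ] || return 1
    return 0
}

# Typical use (paths are assumptions):
#   transmission computer:  stage_for_transfer encrypted.asc /mnt/floppy
#   air-gapped station:     verify_transfer encrypted.asc /mnt/floppy \
#                               && gpg --decrypt /mnt/floppy/encrypted.asc
```

A checksum carried on the same disk as the file catches a bad floppy write or read; it does not authenticate the file.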