Sending REALLY sensitive information

[SgtSpike]

If I was to send someone some really sensitive information that I wanted to be 100% sure no one else could see, what would be the best way(s) of doing so?  Say, for example, it was a Bitcoin private key.

[CIYAM]

If they are at all computer literate GPG would probably be your best option.

[jackjack]

Crypting it with GPG?

[BIGMERVE]

Just send them a letter with a seal.

[theymos]

Give it to them in person.

[SgtSpike]

GPG, a letter with a seal... sounds good.

Give it to them in person.

Well, yes, but assume they aren't near me. 

[CIYAM]

Also depending upon level of paranoia you could divide the private key into parts and say:

Part 1) Email
Part 2) SMS/Phone
Part 3) Snail mail

[SgtSpike]

Good point CIYAM!

What about BitMessage?  It should be secure for sending, right?
Or... an encrypted .rar, provided the passkey is sent separately?

[MysteryMiner]

PGP encrypted mail
OTR encrypted IM chat
TorChat

The list can go on.

[SgtSpike]

PGP encrypted mail
OTR encrypted IM chat
TorChat

The list can go on.

Let's keep it to options where we don't have to be online at the same time... but thanks for the suggestions!

[bbit]

Give it to them in person.

^^this^^

[SgtSpike]

Give it to them in person.

^^this^^

Assume they live across the globe and it is not possible.

[Lethn]

Just send them a letter with a seal.

You should also make sure they burn it after they read it otherwise someone might pick it up in the bin.

[SgtSpike]

Screw GPG, it doesn't allow long enough keys for paranoid people. Have your friend generate a 16,384 bit RSA keypair with openssl, encrypt it with the public key, and send it off.

I like it. 

[kokjo]

This generating private/public keypairs is useless, IF YOU ARE NOT GIVING IT IN PERSON.

http://en.wikipedia.org/wiki/Man-in-the-middle_attack

[Raoul Duke]

https://bitmessage.org/wiki/Main_Page

[molecular]

This generating private/public keypairs is useless, IF YOU ARE NOT GIVING IT IN PERSON.

http://en.wikipedia.org/wiki/Man-in-the-middle_attack

if you're familiar with the voice of the person, I think it's pretty safe to transmit the public key via phone after having a conversation about the weather.

[Rothgar]

Send the person a picture of a cat to use as a one time pad.   

Mail them a CD with the picture of the cat that you take yourself.  Email the OTP encrypted file. 

I'm being a little silly this is probably overkill. 

[MysteryMiner]

TorChat is out-of-box solution that cannot be compromised unless Tor asymmetric encryption is totally broken or one of boxes are compromised.

[SgtSpike]

This generating private/public keypairs is useless, IF YOU ARE NOT GIVING IT IN PERSON.

http://en.wikipedia.org/wiki/Man-in-the-middle_attack

Hmmm, good point.  Would there be a way for someone to MITM communications in such a way that the receiver of the information still gets it and doesn't know that it is compromised?

https://bitmessage.org/wiki/Main_Page

Obviously, the key is getting the correct Bitmessage address for a particular person, but I've heard that Bitmessage addresses can be generated from Bitcoin addresses?  That might be one way to prove ownership of a particular address.

This generating private/public keypairs is useless, IF YOU ARE NOT GIVING IT IN PERSON.

http://en.wikipedia.org/wiki/Man-in-the-middle_attack

if you're familiar with the voice of the person, I think it's pretty safe to transmit the public key via phone after having a conversation about the weather.

Good point as well...

Send the person a picture of a cat to use as a one time pad.  

Mail them a CD with the picture of the cat that you take yourself.  Email the OTP encrypted file.  

I'm being a little silly this is probably overkill.  

LOL.

What about just mailing a password (plaintext), and then emailing a .rar encrypted file?  I don't know what OTP is or how a cat picture could be used as a pad, and yes, that might be overkill for my purposes anyway.