The recent NSO scandal made me think, how could I design a system which enables encrypted communication even if the devices are use are compromised. I came up with this idea: take two Raspberry Pis or similar devices. On on of them, I physically destroy the chips which enable wireless communication, the other one I connect it to the internet. Both would have a screen and a camera. If I want to send a message to someone with the same device, I use the RP not connected directly to the internet to encrypt the message, using the recipient’s public address. The encrypted message is displayed on the screen of this RP. The other RP reads the message, sends it to someone with a similar device, over the internet (this does not have to be encrypted as the message I am sending is already encrypted by the offline RP). The online RP of the recipient displays the message, the offline RP reads it, decrypts it, and viola, communication is done.
The only information which enters into the RP which has the private keys (ie the one doing the encryption) has to come through the screen, which is just displaying QR codes (if I successfully destroy the WiFi-enabling chips, of course.)
The difference between this setup and a normal communication using 1 device, is that the device which is connected to the internet (ie the one which is exposed to insecurities), is not the one which is doing the encryption, and their only connection is the QR codes displayed on the screen. Given how end-to-end encryption did not stop Pegasus, it seems like a good idea not to rely on the same device to do both encryption & communication.
What could go wrong with this setup, and has there been a similar project done before?