Key management using a USB key
Hi all,
first of all, this might be slightly off-topic for the debian-devel
list, but I've got the impression that it's already been solved by some
DDs and might prove interesting to others (including non-DDs such as
me).
I've been meaning for some time to get a USB key to manage private keys
(such as gpg, ssh, etc), but it's not until recently that I tried to sit
down and sketch on how to implement it (filesystem layout,
functionality, which parts are encrypted and accessed at which points in
time etc). It turns out that it was not as obvious as I thought.
Things which I've considered so far:
o In order to minimize the exposure of the key, it might be wise to
mount the drive, load the keys (ssh,gpg) into the memory of the
appropriate agents and then unmount the drive. On the other hand, does
this actually provide any extra security as opposed to having the key
mounted for the entire session?
o Password entry, it's a hassle to enter 10 different passwords, what
would be the best way to reduce the number of password entries? dm-crypt
to mount an encrypted file on the USB key and then have the gpg and ssh
keys unencrypted within? The login to X/console etc could then maybe be
performed using libpam-usb [1] so that only the password for the
dm-crypt filesystem is needed?
o Especially on laptops, it might be interesting to also encrypt all of
/home and/or other parts of the hard drive to make the data unusable
without the USB key. But how to integrate this with the other
requirements?
o Revocation certificates for the gpg keys, are there arguments
for/against storing them on the usb key?
o Automagic setup. Hopefully, some scripts in conjunction with
udev/hotplug/pmount/whatever could make everything "just work" (tm) when
the key is inserted.
o USB key removal, how should it be handled if the key is physically
removed during a session? Maybe kill the agents and run xscreensaver
until the key is reinserted...
o Permissions, how are these handled when the key moves between systems
where my userid might differ?
o Other issues?
It would be very interesting to hear how others manage this...
Kind regards,
David
[1] http://bugs.debian.org/234134