[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Password Protecting GPG Keys

There was a thread on d-private in early March about the benefits and
downsides to to requiring every DD and aspiring DD to sign their
messages.  One of the reasons raised for not doing it is some felt
uncomfortable carrying around their GPG keys when travelling.

My initial reaction was "that's being overly cautious" particularly
given there signing every message doesn't mean you have to carry around
your master key.  However, it did make me wonder just how safe a GPG key
(or indeed any file) is, if it is protected by a password and nothing

To put the problem in precise terms: Lets say I had a bitcoin wallet
with keys controlling $10M worth of coins.  (A figure is needed because
it determines the upper bound on the amount of effort a rational
attacker would devote to the problem.)  Is it possible to put an
encrypted version of that file in a public place on the web, so that
everybody knew what it was worth, and have it protected by a password I
could be comfortable in remembering in a couple of years time, and be
sure it is safe.  "Sure it is safe" here means it is going to cost the
attacher more than it's worth.

It turned out to be a far more interesting question than I first
supposed.  To cut to the chase, I think the answer is yes - it is
possible.  But not with the tools shipped by Debian today [0] [1].

I have up a web page explaining what you have to do to protect such a
file, together with a tool that makes it possible (but possibly not
convenient enough for everyday use).  You can find it here:

  http://pbkdf2.sourceforge.net (don't be put off by the name.)

Maybe it will convince some of you it is possible to carry your gpg key
around with you - or at the very least store it in the web somewhere so
you can get to it when you need it.

[0] Debian does include scrypt, which is what I based my program on.
    Unfortunately it lets you set the maximum strength of the
    expanded key, but not a minimum.   That's not quite what I was

[1] And since it isn't possible with the tools available on Debian,
    that means my gut "he's being overly cautious" reaction was wrong.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: