Re: wanted: educate us please on key dongles

On Wed, Aug 02, 2017 at 10:16:29PM +0200, Adam Borowski wrote:
> It would be nice if someone knowledgeable could educate the rest of us
> about physical key dongles -- a number of DDs/DMs/contributors still
> keep their secret keys on a regular disk, and could use a primer.  Me
> included.  I do have a backup key with plenty of sigs that's stored
> securely, but my regular key is on the same physical machine I test
> random software on.
> There's GNUK ("out of stock"), Nitrokey and others -- but how do they
> differ?  Actually, at this point it would be easier to skip the
> details and say "if you don't know any better, buy X".
> Thus: can I has "key dongles for dummies", plz?

The need for such a document has been brought up several times, but
it's never actually been created (and indeed a general "what's my best
approach to managing keys"). It's on the todo list, but I think there
are a bunch of software pieces that need to also happen in order to make
it a smooth process that people can actually easily engage in.

Here, at a very high level without instructions of how to do any of it,
is what I think might be a suitable base:

 * If you don't want to buy hardware, use an offline master key. Create
   a certification only master key using something like PGP Clean Room
   on a non-networked host, and store that on a USB key you only ever put
   into your machine when running your clean, non-networked,
   environment. Create at least 2 subkeys - signing + encryption - and
   use those in your day to day work. You then only need the master key
   when dealing with signing other keys, or updating your subkeys. In
   the event of your subkeys being compromised or lost or whatever you
   can just regenerate; because your master key is offline it should
   remain secure meaning you don't have to go through the pain of
   getting cross signatures again.

   (All of this needs a nice easy work flow, including a set of scripts
    or something to shuffle keys to sign off your network connected
    machine onto a USB stick and then into the clean room to be signed
    and then back to the USB stick to be shuffled onto the networked
    host to be emailed out and this is why I haven't written the doc
    because without tooling it's going to be 100 pages of the most
    boring screenshots you've ever read.)

  * If you want to buy hardware then one of the self contained USB
    tokens that look like a smartcard + reader to the OS is probably
    easiest. Part of the problem is that everything I've seen only
    supports 3 keys on the device and those are one each of signing,
    encryption + authentication. Which means you can't have a master
    certification key and a signing subkey on the same device.

    If you can manage it, have 2 devices; one with the master and the
    other with your day-to-day keys. Otherwise I guess having a master
    key that is signing enabled might be the best option? (Opinions,
    anyone else?)

  * For hardware I'm aware of the following:
    * GnuK: My favourite choice. It's slow with RSA4096, but does
      support it. The hardware is open. The software is open (you can
      compile and flash it using tools available in main). Upstream is
      responsive (and a DD). However it's physically not quite as
      polished and there are availability issues.
    * Nitrokey Start: This is based on the GnuK (note their other
      devices are not) and seems like it might be a good alternative
      that is more physically robust while still being reasonably Free.
      I've not actually had my hands on one however so this is guesswork
      - but they do pop up on the GnuK dev list occasionally.
    * Yubikey. I'm not sure about this; it's entirely closed these days
      I believe. However they're easily available and I understand
      they're pretty robust in terms of living on a keyring all the

I appreciate this is not the "key dongles for dummies" asked for, but
hopefully it's more helpful than continued silence. I personally would
like us to get to the point where the "offline master" is our base line
for how contributors to Debian manage their key - it provides a useful
measure of extra security without the extra expense that a USB token
involves. That said a USB token is definitely a better option.


 Life is a bitch, but some of the  |  .''`.  Debian GNU/Linux Developer
         puppies are cute.         | : :' :  Happy to accept PGP signed
                                   | `. `'   or encrypted mail - RSA
                                   |   `-    key on the keyservers.
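
An added example, not part of the original message: a Python check of `gpg --list-secret-keys --with-colons` output against the offline-master layout described above (a certification-only master whose secret part is absent from the everyday machine, plus signing and encryption subkeys). The sample listing is constructed, the function name `audit` is hypothetical, and the field positions follow GnuPG's doc/DETAILS.

```python
# Added example: audit `gpg --list-secret-keys --with-colons` output.
# Colon fields (GnuPG doc/DETAILS): 1 record type, 5 key ID, 12 capabilities,
# 15 "#" for a secret-key stub, "+" for a secret key held locally, or the
# serial number of the token that holds the key.

# Constructed sample: key IDs, dates and the user ID are made up.
SAMPLE = """\
sec:u:4096:1:1111111111111111:1501700000:::u:::cSE:::#:::23::0:
uid:u::::1501700000::::Example Developer <dev@example.org>::::::::::0:
ssb:u:4096:1:2222222222222222:1501700000::::::s:::+:::23:
ssb:u:4096:1:3333333333333333:1501700000::::::e:::+:::23:
"""


def audit(listing):
    """Return findings; an empty list means the layout matches."""
    findings, subkey_caps, primary = [], {}, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb") or len(f) < 15:
            continue
        keyid, token = f[4], f[14]
        # Lowercase letters are this key's own capabilities; the uppercase
        # summary letters on a primary key are ignored.
        caps = {c for c in f[11] if c.islower()}
        if f[0] == "sec":
            primary = keyid
            subkey_caps[primary] = set()
            if caps != {"c"}:
                findings.append(f"{keyid}: master key can do more than certify")
            # An empty field is treated like "+": no sign the key is offline.
            if token in ("", "+"):
                findings.append(f"{keyid}: master secret key is on this machine")
        elif primary is not None:
            subkey_caps[primary] |= caps
    for keyid, caps in subkey_caps.items():
        for cap, name in (("s", "signing"), ("e", "encryption")):
            if cap not in caps:
                findings.append(f"{keyid}: no {name} subkey")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["layout matches the offline-master setup"]:
        print(finding)
```

A key held on a USB token shows the token's serial number in field 15, so it is not reported as stored on the machine.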
