On Wed, Aug 02, 2017 at 10:16:29PM +0200, Adam Borowski wrote: > It would be nice if someone knowledgeable could educate the rest of us > about physical key dongles -- a number of DDs/DMs/contributors still > keep their secret keys on a regular disk, and could use a primer. Me > included. I do have a backup key with plenty of sigs that's stored > securely, but my regular key is on the same physical machine I test > random software on. ... > There's GNUK ("out of stock"), Nitrokey and others -- but how do they > differ? Actually, at this point it would be easier to skip the > details and say "if you don't know any better, buy X". > > Thus: can I has "key dongles for dummies", plz? The need for such a document has been brought up several times, but it's never actually been created (and indeed a general "what's my best approach to managing keys"). It's on the todo list, but I think there are a bunch of software pieces that need to also happen in order to make it a smooth process that people can actually easily engage in. Here, at a very high level without instructions of how to do any of it, is what I think might be a suitable base: * If you don't want to buy hardware, use an offline master key. Create a certification only master key using something like PGP Clean Room on a non-networked host, and store that on a USB key you only ever put into your machine when running your clean, non-networked, environment. Create at least 2 subkeys - signing + encryption - and use those in your day to day work. You then only need the master key when dealing with signing other keys, or updating your subkeys. In the event of your subkeys being compromised or lost or whatever you can just regenerate; because your master key is offline it should remain secure meaning you don't have to go through the pain of getting cross signatures again. (All of this needs a nice easy work flow, including a set of scripts or something to shuffle keys to sign off your network connected machine onto a USB stick and then into the clean room to be signed and then back to the USB stick to be shuffled onto the networked host to be emailed out and this is why I haven't written the doc because without tooling it's going to be 100 pages of the most boring screenshots you've ever read.) * If you want to buy hardware then one of the self contained USB tokens that look like a smartcard + reader to the OS is probably easiest. Part of the problem is that everything I've seen only supports 3 keys on the device and those are one each of signing, encryption + authentication. Which means you can't have a master certification key and a signing subkey on the same device. If you can manage it, have 2 devices; one with the master and the other with your day-to-day keys. Otherwise I guess having a master key that is signing enabled might be the best option? (Opinions, anyone else?) * For hardware I'm aware of the following: * GnuK: My favourite choice. It's slow with RSA4096, but does support it. The hardware is open. The software is open (you can compile and flash it using tools available in main). Upstream is responsive (and a DD). However it's physically not quite as polished and there are availability issues. * Nitrokey Start: This is based on the GnuK (note their other devices are not) and seems like it might be a good alternative that is more physically robust will still being reasonably Free. I've not actually had my hands on one however so this is guesswork - but they do pop up on the GnuK dev list occasionally. * Yubikey. I'm not sure about this; it's entirely closed these days I believe. However they're easily available and I understand they're pretty robust in terms of living on a keyring all the time. I appreciate this is not the "key dongles for dummies" asked for, but hopefully it's more helpful than continued silence. I personally would like us to get to the point where the "offline master" is our base line for how contributors to Debian manage their key - it provides a useful measure of extra security without the extra expense that a USB token involves. That said a USB token is definitely a better option. J. -- Life is a bitch, but some of the | .''`. Debian GNU/Linux Developer puppies are cute. | : :' : Happy to accept PGP signed | `. `' or encrypted mail - RSA | `- key on the keyservers.
Attachment:
signature.asc
Description: Digital signature