Re: wanted: educate us please on key dongles
On Wed, Aug 30, 2017 at 10:09:38AM +0100, Jonathan McDowell wrote:
> On Tue, Aug 29, 2017 at 07:34:35PM +0200, Marc Haber wrote:
> > Their web page says that it will only suppor 2048 bit RSA keys, which is
> > the limitation of most USB crypto tokens on the market today. The
> > Nitrokey Pro will also do 3072 and 4096 bit, but it's considerably less
> > free?
>
> The Start is based on the GnuK and I think should be upgradable to do 4K
> keys. The Pro uses a non-free smartcard internally for the RSA
> operations. I believe the Start should also be capable of ECC, as per
> the GnuK. It's possible Nitrokey haven't updated their firmware to
> support this yet.
I might be missing something, but I am wondering what a free hardware
design will help here. I am not in a position to validate it anyway, and
an USB token is unlikely to take any private data and phone it home.
What do I gain from using the GnuK over a yubi- or nitrokey other than
being able to say "yay, it's free"?
> > I have been postponing the offline master stuff for years because of
> > the hassle connected. Would it be a stupid idea to have one hardware
> > token for the Master key (generated on the device, never having left
> > it) and a second token for the everyday signing and encryption keys?
> > Can I have a master certification key on one device and subkeys on
> > another one? Can I also have this when the private parts of master and
> > sub keys have been generated on different devices?
>
> Yes. I have a GnuK which holds my 0x21E278A66C28DBC0 master key, and
> then a separate device which has the 3 active subkeys (signing,
> encryption + authentication) for this key.
How do you back up the key? Was the 0x21E278A66C28DBC0 master key
created on the GnuK, or was it imported into the GnuK with a backup
somewhere?
What do I gain from having my certification master key on a GnuK or
other hardware token stored away in the safe over having the
certificatio master key with a nasty passphrase on a memory card in the
safe? The only issue that I see is that someone who gets access to my
safe can (a) copy the encrypted key without me noticing and (b) brute
force the passphrase of that copy with unlimited tries. Otoh, with a
hardware device, an attacker will have to steal the actual device since
he cannot make a copy, and the PIN will self-destruct after three tries,
making brute force impossible.
The price I pay for this added security is that I have to decide now
how many backups of the key I want to have since once the file version
of the key was deleted there is no more making copies of it, regardless
of how many devices I have it on, and that it would be impossible to
move to a different kind of device (smaller, more robust, faster)
without creating a new key. Those price is rather severe. What is an
acceptable trade-off between:
(1) only one copy of the key on one hardware device, with the key never
having left that device
(2) arbitrary copies of the key on hardware device with no readable copy
of the key left
(3) key on hardware device with a readable backup stored away in
$SAFE_PLACE
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Reply to: