[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: wanted: educate us please on key dongles

On Wed, Aug 30, 2017 at 01:52:54PM +0200, Christian Seiler wrote:
> Am 2017-08-30 09:01, schrieb Marc Haber:
> > On Tue, Aug 29, 2017 at 04:07:45PM -0300, Henrique de Moraes Holschuh
> > wrote:
> > > The **public** portion of *every* key (master and all subkeys) go into
> > > the public keyrings and also in the Debian keyring.  gnupg will handle
> > > this automatically if you use "--export" (do *NOT* confuse with a
> > > different export option that is for private keys).
> > 
> > So it is probably a bad idea / impossible (?) to have a dedicated
> > signing-only key used for Debian that guared more closely than the
> > "regular every-day" key?
> 
> Well, you could create a completely separate key pair (with a separate
> master key) for Debian purposes only.

That would double the effort of obtaining signatures and also double the
burden on my signers. Doesnt scale.

> > People keep mentioning to store the private key on a LUKS-encrypted
> > device. Why? Is the private key encryption that happens inside GnuPG
> > itself when you protect your private key with a passphrase not
> > sufficient?
> 
> Defense in depth. First of all, it's not immediately clear that the
> media I keep my private key on is actually the one that contains my
> private key (_all_ external media I have at home is LUKS encrypted,
> except for a couple of USB sticks I use to share data with other
> people),

That sounds like security-by-obscurity.

>and secondly I use a different passphrase for LUKS as
> compared to the private key.

That, of course, goes without saying.

> Basically, it's an added level of paranoia.

Usually I am the one who is paranoid, that's why I asked.

> However, you _could_ achieve that if you export the private key
> manually and accidentally upload that via the web interface that
> some keyservers provide. ;-) They'll probably reject the upload
> (because it's not a public key), but who knows where that'll be
> logged...

yes, but that's truely advanced stupidity. I hope that I am not capable
of that.

> To be fair: SSH's naming convention for files is not the easiest
> to understand for new users. Using ${filename} for the private key
> and ${filename}.pub for the public key does not make it obvious
> that they need to keep ${filename} private. Had they used
> ${filename}.secret for the private key this might have reduced
> such occurrences.

agreed.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
Reply to: