Re: Question for app developers, like Enigmail etc. - Identicons

[Stefan Claas]

On 13.06.17 14:16, Peter Lebbing wrote:
> On 13/06/17 09:43, Stefan Claas wrote:
>> Another thing i will do in the future, which i haven't read in popular
>> tutorials,
>> is that once checking the hash/sig of the provided package i will also hash
>> the binaries after unpacking and print them out on a piece of paper, so
>> that i
>> can frequently check the values.
> I use Open Source Tripwire for that. Its specification language is quite
> lacking in my opinion, but it's not so bad that I start looking around
> for a different solution. I've been using it for ages, and haven't
> noticed any significant development on it since I started using it. As
> far as I remember.
>
> Note that someone in a position to replace your binaries is also in a
> position to replace the sha256sum binary or whatever other binary you
> are using to generate the hashes, so your hashes can just lie to you. As
> can Tripwire.

During my lunch break i thought of that too. I think as a good start
i will next time (which popular tutorials also do not mention) install
the next version available on an USB stick, symlink to them and put
the USB stick in a safe place. Should an email arrive i will then insert
the USB stick to decrypt/verify the message.

Regarding hashes, maybe it's possible for the authors who are
providing packages that they not only include the hash or sig,
of the package but the hashes of the unpacked binaries too,
on their download page. Should one hash discrepancy show
up on my computer i could try another one and see if the hash
matches then.
>
> And so I come to my other comment, in reply to:
>
>>  So what i have learned from this whole
>> thread, also about my proposal for identicons, i should buy me
>> an offline computer, send Thunderbird/Enigmail to /dev/null
>> and transfer signed/encrypted messages from my online usage
>> computer with a USB stick to my offline computer and verify
>> decrypt the messages there. :-)
> Security is not an absolute. Quite the opposite: security is rather
> simple economics. How much are you willing to spend on your protection,
> and how much is an attacker willing to spend to compromise you? It's
> that simple. There are some unpleasant little factors such as that you
> need to do it right all the time, yet the attacker only needs to do it
> right once. But in the end, it all boils down to: who is willing to go
> that step further? As long as your secrets aren't very valuable, an
> attacker will not want to spend a lot on obtaining those secrets; they'd
> rather point their attention and money elsewhere.
>
> So Tripwire is something that raises the cost of the attack; it's
> defence in depth, not an absolute defence. And as the name suggests, if
> the attacker doesn't notice Tripwire, they might well set off an alarm.
> But if they notice it .
>
>
For me i see this way, for big Organizations i would not have a single
chance, but i assume that i am no target for them, because i am of no
interest to them.

On the other side, where money is involved etc. and people are good
in keeping their computers clean, and they rely on popular tutorials,
the "green bar problem" would still be there, imho.

Regards
Stefan





___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Key expiration question

[Peter Lebbing]

On 13/06/17 09:55, Chris Horrocks wrote:
> At first I thought it may be a mechanism for revalidating private
> key ownership but key expiration doesnt appear to impact on trust or
> validity.

An expired key will definitely not be able to issue valid signatures
after the expiration date. So any certifications made after the expiry
will definitely not influence the validity of another key either, either
positively or negatively.

I don't know how certifications made before the expiry are handled. So,
I don't know whether some other keys either lose their validity after
the expiry or they keep their validity.

So I disagree that expiry doesn't impact trust and validity.

> So I thought it may be a mechanism for time constraining key
> use but there doesnt appear to be anything in the RFC to mandate the
> handling (or not as the case may/should be) of expired keys.

Not everything that is needed for a sane implementation is in the RFC.

Expiring your key will certainly force your correspondents to see if
there is anything new about it if they still want to verify your
signatures or encrypt messages to you (you can't encrypt to an expired key).

You ask what the purpose is of key expiry, but I think it has multiple
possible purposes. I'd phrase it as "what is the mechanism of key
expiry" and then decide whether that mechanism fits the purpose you have
in mind or not. Supposing that you do have a purpose in mind.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG card && using the backup secret key

[Peter Lebbing]

On 13/06/17 12:51, Matthias Apitz wrote:
> $ gpg2 --edit-key sk_61F1ECB625C9A6C3.gpg

Unfortunately you got lost in the advice from multiple people :-).

This file sk_... is not a public key. It is just the backup of the
material that is in one of the slots of the card.

When Werner said "make sure your public key exists", he meant you should
perhaps import the file created with:

> $ gpg2 --export --armor > ccid--export-key-guru.pub

So:

Let's not use a temporary homedir. There have been some changes lately
regarding locating the agent and scdaemon with a changed homedir. I
don't know off the top of my head what the currect situation is. GnuPG
getting confused about its homedir is a great way to make you confused
as well.

However, *backup your homedir*. If all goes awry, you can restore from
backup.

And do you have a spare OpenPGP card? Don't use your OpenPGP card with
the keys on it! Or else you'll get "I tried to be prudent and test my
backup, my backup wasn't good and it trashed my card. I now need a
backup to restore my card. H."

Since you are using your normal GnuPG installation to do this operation,
the public key is already available! If you do start from scratch, first do:

$ gpg2 --import ccid--export-key-guru.pub

Then do:

$ gpg2 --edit-key 47CCF7E476FE9D11

You don't specify a filename to --edit-key, you specify a key in your
keyring. In your original post, one can see that you could have also done:

$ gpg2 --edit-key Matthias

but this would fail as soon as you import another Matthias's key or you
generate a second key for yourself, since GnuPG wouldn't know which key
you meant.

And then at the prompt enter:

gpg> bkuptocard sk_61F1ECB625C9A6C3.gpg

*But do this to a scratch card*! Direct GnuPG to put it in the
Encryption slot.

Now that card holds another copy of your key. What I don't know is
whether this will also tell GnuPG to look for this key on the new card
from now on. Actually, that would be a good way to really test the
backup, but that shouldn't be necessary. If it is the case and GnuPG
asks for that new card any time you want to decrypt, proceed as follows:

- Determine the keygrip of your encryption key.

$ gpg2 --with-keygrip -k 47CCF7E476FE9D11

For me, the output is as follows:

> pub   rsa2048 2009-11-12 [C] [expires: 2017-10-19]
>   8FA94E79AD6AB56EE38CE5CBAC46EFE6DE500B3E
>   Keygrip = 13790148EEE34BC5140DD31B6F95EABA8A19E419
> uid   [ultimate] Peter Lebbing 
> sub   rsa2048 2009-11-12 [S] [expires: 2017-10-19]
>   Keygrip = 46E61BB13BF429980D89B6B7BDE0F70E55E41A03
> sub   rsa2048 2009-11-12 [E] [expires: 2017-10-19]
>   Keygrip = A9C7C73653BEDAF478E4956FCF4C3AFC7CB9A00C
> sub   rsa2048 2009-12-05 [A] [expires: 2017-10-19]
>   Keygrip = 2DD5CC89FE601845C8C4F74F9643724A08D878FD

My encryption subkey has the keygrip
A9C7C73653BEDAF478E4956FCF4C3AFC7CB9A00C.

- Delete the smartcard key stub:

$ rm ~/.gnupg/private-keys-v1.d/.key

- Insert your regular smartcard, the one which also holds the SC and A key.

- Execute:

$ gpg2 --card-status

Now GnuPG will once again pick up the E key on your regular card.

Finally, if you want to remove the restored backup from the new/scratch
OpenPGP card, do (with that scratch card in the reader):

$ gpg2 --card-edit
gpg/card> admin
gpg/card> factory-reset

That should be it.

At some point earlier you deleted a file from
~/.gnupg/private-keys-v1.d/. If you deleted the wrong one, you'll be
very glad you made that backup of the directory. Restore from backup.
Since the backup was made before you started fiddling with stuff, if you
restore the whole .gnupg directory, it will automagically restore the
correct situation you started out with, and it will ask for your regular
card, not the new one.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Question for app developers, like Enigmail etc. - Identicons

[Peter Lebbing]

On 13/06/17 09:43, Stefan Claas wrote:
> Another thing i will do in the future, which i haven't read in popular
> tutorials,
> is that once checking the hash/sig of the provided package i will also hash
> the binaries after unpacking and print them out on a piece of paper, so
> that i
> can frequently check the values.

I use Open Source Tripwire for that. Its specification language is quite
lacking in my opinion, but it's not so bad that I start looking around
for a different solution. I've been using it for ages, and haven't
noticed any significant development on it since I started using it. As
far as I remember.

Note that someone in a position to replace your binaries is also in a
position to replace the sha256sum binary or whatever other binary you
are using to generate the hashes, so your hashes can just lie to you. As
can Tripwire.

And so I come to my other comment, in reply to:

>  So what i have learned from this whole
> thread, also about my proposal for identicons, i should buy me
> an offline computer, send Thunderbird/Enigmail to /dev/null
> and transfer signed/encrypted messages from my online usage
> computer with a USB stick to my offline computer and verify
> decrypt the messages there. :-)

Security is not an absolute. Quite the opposite: security is rather
simple economics. How much are you willing to spend on your protection,
and how much is an attacker willing to spend to compromise you? It's
that simple. There are some unpleasant little factors such as that you
need to do it right all the time, yet the attacker only needs to do it
right once. But in the end, it all boils down to: who is willing to go
that step further? As long as your secrets aren't very valuable, an
attacker will not want to spend a lot on obtaining those secrets; they'd
rather point their attention and money elsewhere.

So Tripwire is something that raises the cost of the attack; it's
defence in depth, not an absolute defence. And as the name suggests, if
the attacker doesn't notice Tripwire, they might well set off an alarm.
But if they notice it .

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Key expiration question

[Chris Horrocks]

Hi,

I have a question around key expiry that I can't seem to find any thorough 
documentation on; & the @Gnupg twitter account pointed me here.

What purpose does key expiration have?

At first I thought it may be a mechanism for revalidating private key ownership 
but key expiration doesnt appear to impact on trust or validity. So I thought 
it may be a mechanism for time constraining key use but there doesnt appear to 
be anything in the RFC to mandate the handling (or not as the case may/should 
be) of expired keys.

Have I completely misunderstood?

Regards

Chris___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG card && using the backup secret key

[Matthias Apitz]

El día martes, junio 13, 2017 a las 02:30:05p. m. +0300, Teemu Likonen escribió:

> Matthias Apitz [2017-06-13 12:51:01+02] wrote:
> 
> > $ gpg2 --edit-key sk_61F1ECB625C9A6C3.gpg
> 
> Command --edit-key edits a key in your keyring. I'd guess that you want

I did 1:1 what Werner suggested;

> to import keys:
> 
> gpg2 --import sk_61F1ECB625C9A6C3.gpg

This is not working as I said yesterday:

$ gpg2 --import sk_61F1ECB625C9A6C3.gpg
gpg: key 61F1ECB625C9A6C3: no user ID
gpg: Total number processed: 1
gpg:   secret keys read: 1

Btw: the publickey is there:

gpg2 --list-keys
/home/guru/.gnupg-test/pubring.kbx
--
pub   rsa4096 2017-05-14 [SC]
  5E69FBAC1618562CB3CBFBC147CCF7E476FE9D11
uid   [ultimate] Matthias Apitz (GnuPG CCID) 
sub   rsa4096 2017-05-14 [A]
sub   rsa4096 2017-05-14 [E]
...

-- 
Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/  ☎ 
+49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG card && using the backup secret key

[Teemu Likonen]

Matthias Apitz [2017-06-13 12:51:01+02] wrote:

> $ gpg2 --edit-key sk_61F1ECB625C9A6C3.gpg

Command --edit-key edits a key in your keyring. I'd guess that you want
to import keys:

gpg2 --import sk_61F1ECB625C9A6C3.gpg

Then you can edit them with --edit-key.

-- 
/// Teemu Likonen   - .-..    //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG card && using the backup secret key

[Thomas Jarosch]

Am 13.06.2017 um 12:20 schrieb Matthias Apitz:
>> AFAIK the "backup process" during key creation for the OpenPGP smartcard
>> is a bit different: There is no interface / function on the card to
>> export a key. Therefore, if you decide to create a backup, a key is
>> first created on the host and *then* transferred onto the card.
>> At least that's my understanding of it.
> 
> Thanks for your posting, but now I'm really confused. The howto about
> the card in https://gnupg.org/howtos/card-howto/en/smartcard-howto-single.html
> says:
> 
> ...
> 3.3.2. Generating keys
> 
> To generate a key on the card enter generate. You will be asked if you would 
> like to make an off-card copy of the encryption key. It is useful to say yes 
> here.
> Note
> 
> Without a backup you will not be able to access any data you encrypted
> with the card if it gets lost or damaged.
> ...
just checked the source code: If you want a backup of the key,
the "want_backup" variable is set. This later on translates
to the "card_backup_key" variable.

---keygen.c---
/*
 * Generate a keypair (fname is only used in batch mode) If
 * CARD_SERIALNO is not NULL the function will create the keys on an
 * OpenPGP Card.  If CARD_BACKUP_KEY has been set and CARD_SERIALNO is
 * NOT NULL, the encryption key for the card is generated on the host,
 * imported to the card and a backup file created by gpg-agent.  If
 * FULL is not set only the basic prompts are used (except for batch
 * mode).
 */
void
generate_keypair (ctrl_t ctrl, int full, const char *fname,
  const char *card_serialno, int card_backup_key)
---keygen.c---


-> so yes, if you want a backup, the key is created on the host.
Security wise it would be bad if the card has a function to extract
a key from it and there's a bug that could somehow trigger this function.

Also it does not make a big difference if the key is created
on the host or on the card if it ends up on the host anyway :)

May be the documentation needs to clarify the situation a bit.

Cheers,
Thomas



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG card && using the backup secret key

[Thomas Jarosch]

Hi Matthias,

Am 12.06.2017 um 20:12 schrieb Matthias Apitz:
> 
> Please note: I have changed the Subject: of the thread to match better
> the real problem. 
> 
> During generating the keys on the GnuPG card, one can (and should)
> create some backup of the secret key into a file. It is totally unclear
> to me how to make something usefull out of this file, for example import
> it into a "normal" secret keyring to use it in case of the GnuPG acrd
> gots lost.

AFAIK the "backup process" during key creation for the OpenPGP smartcard
is a bit different: There is no interface / function on the card to
export a key. Therefore, if you decide to create a backup, a key is
first created on the host and *then* transferred onto the card.
At least that's my understanding of it.

When we developed the paper backup tool
(https://github.com/intra2net/paperbackup/blob/master/README.md)
we created several keys on the host machine, transferred the key
to the card and created a backup on paper.

During this process we also tested the restore of a card,
it worked just fine. Basically you re-import a private key from file
and tell gpg2 to move it to the card with the --edit-key command.

btw: If you create the keys on a preferable air gaped machine,
there's the "scdrand" tool to feed the kernel random pool with random
numbers generated by the hardware RNG from the OpenGPG card.
We used this script:

--
#!/bin/bash
set -u

if [ "$(whoami)" != "root" ]; then
echo "Must be root (only root can add entropy to the kernel)"
exit 1
fi

echo "Activating scdaemon"
gpg2 --card-status

current_bytes=$(( $(cat "/proc/sys/kernel/random/entropy_avail") / 8))
echo "Emptying existing kernel random pool ($current_bytes)"
dd if=/dev/random of=/dev/null bs=1 count="$current_bytes"

echo "Starting scdrand with:"
echo "- sleep time 2s"
echo "- continuously add 128 random bytes from smartcard"

./scdrand.f25 -l -i 2 128 &

sleep 3
watch -n 1 cat "/proc/sys/kernel/random/entropy_avail"
--


Cheers,
Thomas



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG card && using the backup secret key

[Matthias Apitz]

El día martes, junio 13, 2017 a las 11:58:51a. m. +0200, Werner Koch escribió:

> On Mon, 12 Jun 2017 20:12, g...@unixarea.de said:
> 
> > create some backup of the secret key into a file. It is totally unclear
> > to me how to make something usefull out of this file, for example import
> > it into a "normal" secret keyring to use it in case of the GnuPG acrd
> 
> To try it you best insert a new or scratch card.  Make sure your
> _public key_ exists.  Then run
> 
>   gpg --edit-key YOURKEY
> 
> and at the prompt enter
> 
>   bkuptocard FILENAME
> 
> the FILENAME is the sk_foo file.  You will then be asked where to store
> the key on the card (Signing, encryption, or authentication key).
> 

I tried (~/.gnupg-test is a copy of my normal GNUPGHOME):

$ cd .gnupg-test/
$ GNUPGHOME=`pwd`
$ env | grep GNU
GNUPGHOME=/home/guru/.gnupg-test

$ ls -l sk_61F1ECB625C9A6C3.gpg
-r  1 guru  wheel  1865 May 14 20:29 sk_61F1ECB625C9A6C3.gpg

$ gpg2 --edit-key sk_61F1ECB625C9A6C3.gpg
gpg (GnuPG) 2.1.19; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: key "sk_61F1ECB625C9A6C3.gpg" not found: No public key

$ gpg2 --import ../GnuPG/ccid--export-key-guru.pub
gpg: key 47CCF7E476FE9D11: "Matthias Apitz (GnuPG CCID) " not 
changed
gpg: Total number processed: 1
gpg:  unchanged: 1

The file "ccid--export-key-guru.pub" was created from the card with:

$ gpg2 --export --armor > ccid--export-key-guru.pub

matthias

-- 
Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/  ☎ 
+49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG card && using the backup secret key

[Matthias Apitz]

El día martes, junio 13, 2017 a las 11:52:46a. m. +0200, Thomas Jarosch 
escribió:

> > Please note: I have changed the Subject: of the thread to match better
> > the real problem. 
> > 
> > During generating the keys on the GnuPG card, one can (and should)
> > create some backup of the secret key into a file. It is totally unclear
> > to me how to make something usefull out of this file, for example import
> > it into a "normal" secret keyring to use it in case of the GnuPG acrd
> > gots lost.
> 
> AFAIK the "backup process" during key creation for the OpenPGP smartcard
> is a bit different: There is no interface / function on the card to
> export a key. Therefore, if you decide to create a backup, a key is
> first created on the host and *then* transferred onto the card.
> At least that's my understanding of it.

Hi Thomas,

Thanks for your posting, but now I'm really confused. The howto about
the card in https://gnupg.org/howtos/card-howto/en/smartcard-howto-single.html
says:

...
3.3.2. Generating keys

To generate a key on the card enter generate. You will be asked if you would 
like to make an off-card copy of the encryption key. It is useful to say yes 
here.
Note

Without a backup you will not be able to access any data you encrypted
with the card if it gets lost or damaged.
...


and as well in the dialog of the key creation on the card it said:

...
Please enter a new passphrase to export it.
Frase contraseña: 
Repeat:
gpg: Note: backup of card key saved to 
'/home/guru/.gnupg/sk_61F1ECB625C9A6C3.gpg'
gpg: /home/guru/.gnupg/trustdb.gpg: trustdb created
gpg: key 47CCF7E476FE9D11 marked as ultimately trusted
gpg: directory '/home/guru/.gnupg/openpgp-revocs.d' created
gnupg-card.txtgpg: revocation certificate stored as 
'/home/guru/.gnupg/openpgp-revocs.d/5E69FBAC1618562CB3CBFBC147CCF7E476FE9D11.rev'
public and secret key created and signed.

gpg/card> quit
...



> 
> When we developed the paper backup tool
> (https://github.com/intra2net/paperbackup/blob/master/README.md)
> we created several keys on the host machine, transferred the key
> to the card and created a backup on paper.
> 

I will have a look into the paper backup tool; sounds handy.

Thx

matthias



-- 
Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/  ☎ 
+49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG card && using the backup secret key

[Werner Koch]

On Mon, 12 Jun 2017 20:12, g...@unixarea.de said:

> create some backup of the secret key into a file. It is totally unclear
> to me how to make something usefull out of this file, for example import
> it into a "normal" secret keyring to use it in case of the GnuPG acrd

To try it you best insert a new or scratch card.  Make sure your
_public key_ exists.  Then run

  gpg --edit-key YOURKEY

and at the prompt enter

  bkuptocard FILENAME

the FILENAME is the sk_foo file.  You will then be asked where to store
the key on the card (Signing, encryption, or authentication key).


Shalom-Salam,

   Werner
 
-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgp2WSwv_pqAR.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

[Stefan Claas]

Am 12.06.2017 um 23:50 schrieb Duane Whitty:

Thanks for your input much appreciated!


I would also add one word about USB sticks:  It is very difficult to
know if they've been compromised and there are no tell-tale signs when
an attack is taking place.  I never put a USB in my computer that has
been used on a computer I don't own.
Best Regards,
Duane



Thanks for pointing this out!

I come to the conclusion after reading all the replies from this thread
that i will return to pure GnuPG usage, instead of using an email / Usenet
client with add-ons. I already found a script for PGP/MIME so that i can
decrypt/verify a message send to me when using GnuPG in command-line
mode.

Another thing i will do in the future, which i haven't read in popular 
tutorials,

is that once checking the hash/sig of the provided package i will also hash
the binaries after unpacking and print them out on a piece of paper, so 
that i

can frequently check the values.

Regards
Stefan







___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users