Long Term Key Management With Hardware Tokens

2021-06-20 Thread Brandon Anderson via Gnupg-users

Hey everyone,

I have a question regarding using secure hardware such as 
Yubikey/Nitrokey, GPG smartcards, and the handling of encryption key 
rotation and replacement. I currently have a GPG key with a 4096 bit RSA 
key generated on a GPG smart card version 2.1. I have recently acquired 
two Yubikey 5's, both of which support curve25519. It is unclear if 
version 3.4 of the GPG smart card supports this curve, but if it does, I 
would be interested in using it as well. As I am looking to generate a 
new key that uses the curve25519, I was trying to plan out how I should 
handle key management and revocation. I was thinking that sub-signing 
keys could be generated on the secure hardware and a sub decryption key 
could be generated and imported onto each of these devices with an 
air-gapped system. Then the non-secure copy of the key is destroyed. 
Ideally, these subkeys would only ever exist on the secure hardware. 
When either a token is lost, a new one is added, or enough time has 
passed that I want to roll the keys, I would revoke the subkey in use, 
generate a new one via the same process and add it to the security 
tokens in use.


The problem, of course, comes when I need to decrypt old messages signed 
with the revoked key or if someone at a later point sends an encrypted 
message to the revoked key. Ideally, I would keep one security token 
that is assigned the encryption subkey simultaneously as the others 
before it is destroyed from the computer. This token's job would be to 
store historic encryption keys if I ever needed to decrypt messages with 
the older encryption keys. PIV smartcards, including the Yubikey 
implementation, support Slots 82-95: Retired Key Management which is 
specifically built for the purpose of key rotation while letting a user 
store many old encryption keys before they need to acquire new hardware. 
As neat as this is, the GPG smart card implementations seem to offer no 
such similar feature. The GPG keys on the smartcards seem specialized 
specifically for the type of key, be it signing or encryption; you can't 
even store 3~4 encryption keys per card. Is there a proper way to do 
this similar to the PIV retired key management scheme? Most people say 
to just backup offline the encryption keys. Still, I feel like security 
is lost if that key is ever recoverable in a form other than the secure 
hardware (e.g., it somehow leaks, resulting in old messages being able 
to be decrypted). Is there a reason the GPG smart card system does not 
have retired key slots as part of the design? How is one supposed to 
best go about this without getting new cards every time you rotate 
encryption subkeys?


Sincerely,

Brandon Anderson



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: safe curves in openPGP smartcard

2021-06-20 Thread John Scott via Gnupg-users
On Sun, 2021-06-20 at 18:57, mailinglisten--- via Gnupg-users wrote:
> is there any educated guess, when some safe curve (25519?) will find
> their ways into openPGP smart cards?
Some cards already support Curve25519; I'm signing this with my
Nitrokey Start (which is really a Gnuk) using my ed25519 subkey.
Nitrokey advertises support for this [1], so I presume it's reliable as
it has been for me.

[1] https://www.nitrokey.com/#comparison



safe curves in openPGP smartcard

2021-06-20 Thread mailinglisten--- via Gnupg-users
Hi there,
is there any educated guess, when some safe curve (25519?) will find
their ways into openPGP smart cards?

regards



Re: Detaching signature from signed object

2021-06-20 Thread ಚಿರಾಗ್ ನಟರಾಜ್ via Gnupg-users
On 12021/04/10 05:36.72, Matthew Richardson via Gnupg-users wrote:
> Is there any way in GnuPG to detach (or extract) a signature from a signed
> object?  For example, a signed object is created with:-
> 
> >gpg --armor --output signedfile.asc --sign inputfile.txt
> 
> where what is wanted is a detached signature which would verify against
> inputfile.txt.
> 
> This feature is in PGP 2:-
> 
> >pgp -sa inputfile.txt -o signedfile.asc
> >pgp -b signedfile.asc -o verified.txt
> 
> which also produces verified.pgp as the detached signature.  The feature is
> described (briefly) in the PGP 2 documentation thus:-
> 
> >To detach a signature certificate from a signed message:
> > pgp -b ciphertextfile
> 
> The reason for asking is that I operate a service [1], which currently used
> PGP 2, and which would benefit from more recent crypto, but which also uses
> "pgp -b" extensively.
> 
> Best wishes,
> Matthew
> 
> [1] http://www.itconsult.co.uk/stamper.htm
> 

I believe you're looking for the -sb option, which creates a detached signature.

HTH!

- Chiraag
-- 
ಚಿರಾಗ್ ನಟರಾಜ್
Pronouns: he/him/his


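The reply above covers the forward direction (-sb / --detach-sign produces a detached signature at signing time). For the case the question actually asks about, an already-signed object, the relevant fact is the packet layout RFC 4880 gives for a signed message: a one-pass signature packet, a literal data packet carrying the file, and the signature packet, usually wrapped in a compressed data packet. The signature over a binary document covers only the literal data's contents, so the signature packet on its own is a detached signature that verifies against the original file (gpg --verify extracted.sig inputfile.txt). The script below is an added example written for this thread, not code from the poster or from GnuPG; it splits a signed message into packets, unwraps the compressed layer, and re-emits the signature packet. The sample message it builds is constructed for the demonstration (the signature bytes are placeholders and would not verify); on real input you would feed it the output of gpg --sign. GnuPG's own gpgsplit tool performs the same packet split, and gpg --list-packets lets you inspect the layout first.

```python
"""Extract the signature packet from a gpg --sign output for use as a detached signature.

Packet layout per RFC 4880: [one-pass signature] [literal data] [signature],
typically wrapped in a compressed data packet. Added example, not GnuPG code.
"""
import base64
import bz2
import struct
import zlib

TAG_SIGNATURE, TAG_ONE_PASS, TAG_COMPRESSED, TAG_LITERAL = 2, 4, 8, 11


def dearmor(text: str) -> bytes:
    """Minimal ASCII-armor decoder: drops armor headers, the CRC24 line and the trailer."""
    lines = text.splitlines()
    start = next(i for i, l in enumerate(lines) if l.startswith("-----BEGIN PGP"))
    body = lines[start + 1:]
    while body and body[0].strip():          # armor headers end at the first blank line
        body.pop(0)
    b64 = []
    for line in body:
        line = line.strip()
        if line.startswith("-----END"):
            break
        if line and not line.startswith("="):  # skip blanks and the "=XXXX" CRC line
            b64.append(line)
    return base64.b64decode("".join(b64))


def _new_format_length(data: bytes, pos: int):
    """Return (length, next_pos, is_partial) for a new-format length field."""
    first = data[pos]
    if first < 192:
        return first, pos + 1, False
    if first < 224:
        return ((first - 192) << 8) + data[pos + 1] + 192, pos + 2, False
    if first == 255:
        return struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5, False
    return 1 << (first & 0x1F), pos + 1, True  # partial body length


def parse_packets(data: bytes) -> list:
    """Split a binary OpenPGP stream into (tag, body) pairs.
    Handles old- and new-format headers, partial lengths and compressed wrappers."""
    packets, pos = [], 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError(f"not a packet header at offset {pos}")
        pos += 1
        if ctb & 0x40:                               # new-format header
            tag, body = ctb & 0x3F, bytearray()
            while True:
                length, pos, partial = _new_format_length(data, pos)
                body += data[pos:pos + length]
                pos += length
                if not partial:
                    break
            body = bytes(body)
        else:                                        # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:                           # indeterminate: rest of stream
                length = len(data) - pos
            else:
                width = {0: 1, 1: 2, 2: 4}[ltype]
                length = int.from_bytes(data[pos:pos + width], "big")
                pos += width
            body = data[pos:pos + length]
            pos += length
        if tag == TAG_COMPRESSED:                    # algo byte, then compressed inner stream
            algo, payload = body[0], body[1:]
            inner = {1: lambda p: zlib.decompress(p, -15),  # 1 = ZIP (raw deflate)
                     2: zlib.decompress,                     # 2 = ZLIB
                     3: bz2.decompress}[algo](payload)       # 3 = BZip2
            packets.extend(parse_packets(inner))
        else:
            packets.append((tag, body))
    return packets


def encode_packet(tag: int, body: bytes) -> bytes:
    """Re-emit a packet body under a new-format header (the form a .sig file holds)."""
    n = len(body)
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        length = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        length = b"\xff" + struct.pack(">I", n)
    return bytes([0xC0 | tag]) + length + body


def split_signed_message(data: bytes) -> dict:
    """Return the detached signature and the embedded file from a gpg --sign output."""
    if data.lstrip()[:5] == b"-----":
        data = dearmor(data.decode("ascii"))
    packets = parse_packets(data)
    tags = [t for t, _ in packets]
    if tags != [TAG_ONE_PASS, TAG_LITERAL, TAG_SIGNATURE]:
        raise ValueError(f"not a simple one-signer message, packet tags: {tags}")
    literal = packets[1][1]
    name_len = literal[1]                            # byte 0 is the format ('b' or 't')
    filename = literal[2:2 + name_len].decode("utf-8", "replace")
    contents = literal[2 + name_len + 4:]            # skip the 4-byte timestamp
    return {"signature": encode_packet(TAG_SIGNATURE, packets[2][1]),
            "filename": filename, "contents": contents}


def constructed_signed_message(compress: bool = True, armor: bool = False) -> bytes:
    """Constructed sample (not real gpg output) with placeholder one-pass/signature bodies."""
    literal = b"b" + bytes([13]) + b"inputfile.txt" + b"\x00" * 4 + b"hello world\n"
    one_pass = bytes([0x80 | (TAG_ONE_PASS << 2)]) + bytes([13]) + b"\x03\x00\x01\x08" + b"\x00" * 9
    stream = (one_pass + encode_packet(TAG_LITERAL, literal)
              + encode_packet(TAG_SIGNATURE, b"\x04\x00\x01\x08" + b"\xab" * 70))
    if compress:
        stream = encode_packet(TAG_COMPRESSED, b"\x02" + zlib.compress(stream))
    if armor:
        b64 = base64.b64encode(stream).decode()
        lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
        stream = ("-----BEGIN PGP MESSAGE-----\nVersion: constructed\n\n"
                  + lines + "\n=XXXX\n-----END PGP MESSAGE-----\n").encode()
    return stream


if __name__ == "__main__":
    parts = split_signed_message(constructed_signed_message(armor=True))
    print(parts["filename"], len(parts["contents"]), "bytes; signature packet", parts["signature"][:2].hex())
```

The one structural caveat: a text-mode signature (signature type 0x01, produced with --textmode) is computed over canonicalised line endings, so the extracted packet still verifies, but against the file as gpg normalises it, not byte-for-byte; binary signatures, the default for --sign, have no such step.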

Detaching signature from signed object

2021-06-20 Thread Matthew Richardson via Gnupg-users
Is there any way in GnuPG to detach (or extract) a signature from a signed
object?  For example, a signed object is created with:-

>gpg --armor --output signedfile.asc --sign inputfile.txt

where what is wanted is a detached signature which would verify against
inputfile.txt.

This feature is in PGP 2:-

>pgp -sa inputfile.txt -o signedfile.asc
>pgp -b signedfile.asc -o verified.txt

which also produces verified.pgp as the detached signature.  The feature is
described (briefly) in the PGP 2 documentation thus:-

>To detach a signature certificate from a signed message:
> pgp -b ciphertextfile

The reason for asking is that I operate a service [1], which currently used
PGP 2, and which would benefit from more recent crypto, but which also uses
"pgp -b" extensively.

Best wishes,
Matthew

[1] http://www.itconsult.co.uk/stamper.htm
