Re: Second OpenPGP-card
El día martes, febrero 27, 2024 a las 08:52:55 -0600, Jacob Bachmeyer via Gnupg-users escribió: > > It says: > > > > purism@pureos:~$ gpg --list-keys > > /home/purism/.gnupg/pubring.kbx > > --- > > pub rsa2048 2021-10-30 [SC] > > 336EB96892FE9FE7F6... > > uid [ultimate] Matthias Apitz (GnuPG CCID L5) > > sub rsa2048 2021-10-30 [A] > > sub rsa2048 2021-10-30 [E] > > > > [...] > > Are you sure that *that* is the list of public keys used by pass(1)? It > almost certainly is not, since GPG's public key collection is meant to > collect keys for a variety of uses. For example, sending encrypted emails > or verifying signatures. You probably do not want your password store > encrypted to everyone you correspond with! > > Therefore, pass(1) almost certainly has its own list of keys stored > somewhere else. Your regular public key was probably copied to that list > when you initialized the password store. That is the list that you need to > regularly check, lest Mallory be able to sneak his key onto it. That list > is *also* where you need to add your new public key in order to migrate your > password store. > > ... It must be *that* list pass(1) is using, because: purism@pureos:~$ ls -ld .gnu* drwx-- 5 purism purism 4096 Feb 28 05:59 .gnupg purism@pureos:~$ env | grep GNU GNUPGHOME=/home/purism/.gnupg purism@pureos:~$ file .password-store/test.gpg .password-store/test.gpg: PGP RSA encrypted session key - keyid: 39BDCE02 5E4698B6 RSA (Encrypt or Sign) 2048b . purism@pureos:~$ gpg -da .password-store/test.gpg (it ask for the card's PIN on the L5 display desktop) gpg: encrypted with 2048-bit RSA key, ID 39BDCE025E4698B6, created 2021-10-30 "Matthias Apitz (GnuPG CCID L5) " secret purism@pureos:~$ cat .password-store/.gpg-id CCID L5 I'm attaching the shell script /usr/bin/pass; the code for the "init" command of pass(1) starts at line 300 and I don't see that any other key is used then the one in GNUPGHOME. If I understand this correctly if any other public key would be added to the file /home/purism/.gnupg/pubring.kbx, pass(1) would only use the key "CCID L5" to encrypt any new object stored in ~/.password-store and not the public key of Mallory. Am I wrong? I will consider your hints about RSA4096 when initializing the new second card. Thanks for them. matthias -- Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045 Public GnuPG key: http://www.unixarea.de/key.pub I am not at war with Russia. Я не воюю с Россией. Ich bin nicht im Krieg mit Russland. #!/usr/bin/env bash # Copyright (C) 2012 - 2018 Jason A. Donenfeld . All Rights Reserved. # This file is licensed under the GPLv2+. Please see COPYING for more information. umask "${PASSWORD_STORE_UMASK:-077}" set -o pipefail GPG_OPTS=( $PASSWORD_STORE_GPG_OPTS "--quiet" "--yes" "--compress-algo=none" "--no-encrypt-to" ) GPG="gpg" export GPG_TTY="${GPG_TTY:-$(tty 2>/dev/null)}" which gpg2 &>/dev/null && GPG="gpg2" [[ -n $GPG_AGENT_INFO || $GPG == "gpg2" ]] && GPG_OPTS+=( "--batch" "--use-agent" ) PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}" EXTENSIONS="${PASSWORD_STORE_EXTENSIONS_DIR:-$PREFIX/.extensions}" X_SELECTION="${PASSWORD_STORE_X_SELECTION:-clipboard}" CLIP_TIME="${PASSWORD_STORE_CLIP_TIME:-45}" GENERATED_LENGTH="${PASSWORD_STORE_GENERATED_LENGTH:-25}" CHARACTER_SET="${PASSWORD_STORE_CHARACTER_SET:-[:graph:]}" CHARACTER_SET_NO_SYMBOLS="${PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS:-[:alnum:]}" export GIT_CEILING_DIRECTORIES="$PREFIX/.." # # BEGIN helper functions # set_git() { INNER_GIT_DIR="${1%/*}" while [[ ! -d $INNER_GIT_DIR && ${INNER_GIT_DIR%/*}/ == "${PREFIX%/}/"* ]]; do INNER_GIT_DIR="${INNER_GIT_DIR%/*}" done [[ $(git -C "$INNER_GIT_DIR" rev-parse --is-inside-work-tree 2>/dev/null) == true ]] || INNER_GIT_DIR="" } git_add_file() { [[ -n $INNER_GIT_DIR ]] || return git -C "$INNER_GIT_DIR" add "$1" || return [[ -n $(git -C "$INNER_GIT_DIR" status --porcelain "$1") ]] || return git_commit "$2" } git_commit() { local sign="" [[ -n $INNER_GIT_DIR ]] || return [[ $(git -C "$INNER_GIT_DIR" config --bool --get pass.signcommits) == "true" ]] && sign="-S" git -C "$INNER_GIT_DIR" commit $sign -m "$1" } yesno() { [[ -t 0 ]] || return 0 local response read -r -p "$1 [y/N] " response [[ $response == [yY] ]] || exit 1 } die() { echo "$@" >&2 exit 1 } verify_file() { [[ -n $PASSWORD_STORE_SIGNING_KEY ]] || return 0 [[ -f $1.sig ]] || die "Signature for $1 does not exist." local fingerprints="$($GPG $PASSWORD_STORE_GPG_OPTS --verify --status-fd=1 "$1.sig" "$1" 2>/dev/null | sed -n 's/^\[GNUPG:\] VALIDSIG \([A-F0-9]\{40\}\) .* \([A-F0-9]\{40\}\)$/\1\n\2/p')" local fingerprint found=0 for fingerprint in
Re: Second OpenPGP-card
Matthias Apitz wrote: El día lunes, febrero 26, 2024 a las 06:40:26 -0600, Jacob Bachmeyer via Gnupg-users escribió: Matthias Apitz wrote: [...] Said/showed that, I can't imagine that, when I SCP the file .password-store/test.gpg to another mobile with another OpenPGP card, that this system would be able to decrypt the file and reencrypt it again with the new card. Correct. You must first copy the *new* public key to the *old* system and re-encrypt the password store to *both* public keys on the *old* system, then transfer the encrypted blobs to the new system. ... Thanks for the clarification and clear instruction. You are welcome. While you are here, this is a good time to remind you to regularly check the list of public keys used with your password store. If Mallory can sneak *his* key onto that list, he will be able to get your passwords! It says: purism@pureos:~$ gpg --list-keys /home/purism/.gnupg/pubring.kbx --- pub rsa2048 2021-10-30 [SC] 336EB96892FE9FE7F6... uid [ultimate] Matthias Apitz (GnuPG CCID L5) sub rsa2048 2021-10-30 [A] sub rsa2048 2021-10-30 [E] [...] Are you sure that *that* is the list of public keys used by pass(1)? It almost certainly is not, since GPG's public key collection is meant to collect keys for a variety of uses. For example, sending encrypted emails or verifying signatures. You probably do not want your password store encrypted to everyone you correspond with! Therefore, pass(1) almost certainly has its own list of keys stored somewhere else. Your regular public key was probably copied to that list when you initialized the password store. That is the list that you need to regularly check, lest Mallory be able to sneak his key onto it. That list is *also* where you need to add your new public key in order to migrate your password store. Lastly, I know that you are using a smartcard, but you are storing long-lived (and presumably valuable) authentication tokens here. Does the card support RSA4096 or at least RSA3072? If so, I would strongly recommend migrating to longer keys, as RSA2048 is currently the shortest not probably already broken by increasing conventional computing power to throw at factoring. If I understand correctly, this is the reason that DSA is obsolete: DSA (to support smartcard implementations) specifies exactly one allowed key length: 1024 bits. While DSA uses discrete logarithms, the discrete logarithm and factoring problems have a mathematical equivalence that means a factoring algorithm can be used to derive a solution to the discrete logarithm problem and /vice versa/. Accordingly, RSA1024 is now considered sufficiently dubious that some implementations no longer support it, such as the go-crypto/openpgp library used by the newer "hockeypuck" keyserver software, which led to an interesting recent thread on gnupg-devel and bunch of old keys effectively falling out of the Web of Trust. -- Jacob ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Second OpenPGP-card
On Tue, 27 Feb 2024 10:07, Matthias Apitz said: > I've never done anything with this and expected it also at date > 2021-10-30 (when I initialized the OpenPGP card in the mobile L5). The pubring.kbx is used for various things. For example we also store "ephemeral keys" for X.509 (those we receive via mail) which are not used due to an incomplete chain. There is a cleanup process running every few hours to remove them. Shalom-Salam, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein openpgp-digital-signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Second OpenPGP-card
El día lunes, febrero 26, 2024 a las 06:40:26 -0600, Jacob Bachmeyer via Gnupg-users escribió: > Matthias Apitz wrote: > > [...] > > Said/showed that, I can't imagine that, when I SCP the file > > .password-store/test.gpg to another mobile with another OpenPGP card, > > that this system would be able to decrypt the file and reencrypt it > > again with the new card. > > Correct. You must first copy the *new* public key to the *old* system and > re-encrypt the password store to *both* public keys on the *old* system, > then transfer the encrypted blobs to the new system. > ... Thanks for the clarification and clear instruction. > While you are here, this is a good time to remind you to regularly check the > list of public keys used with your password store. If Mallory can sneak > *his* key onto that list, he will be able to get your passwords! It says: purism@pureos:~$ gpg --list-keys /home/purism/.gnupg/pubring.kbx --- pub rsa2048 2021-10-30 [SC] 336EB96892FE9FE7F6... uid [ultimate] Matthias Apitz (GnuPG CCID L5) sub rsa2048 2021-10-30 [A] sub rsa2048 2021-10-30 [E] What makes me wonder it the last modification date of the file: purism@pureos:~$ ls -l /home/purism/.gnupg/pubring.kbx -rw--- 1 purism purism 172324 feb 1 11:13 /home/purism/.gnupg/pubring.kbx I've never done anything with this and expected it also at date 2021-10-30 (when I initialized the OpenPGP card in the mobile L5). matthias -- Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045 Public GnuPG key: http://www.unixarea.de/key.pub I am not at war with Russia. Я не воюю с Россией. Ich bin nicht im Krieg mit Russland. ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users