Re: GPG, subkeys smartcard and computer

[MFPA]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi


On Sunday 19 February 2017 at 2:58:56 PM, in
, Damien
Goutte-Gattat wrote:-


> Disclaimer: I am not advocating such a setup, that I
> don't even actually use.

I use that setup. Last I heard, message recipients who use
Enigmail/Thunderbird only see the verification result of one of the
signatures. Which one they see depends on the order of the two
local-user lines in my gpg.conf file, so if I have them in the "wrong"
order an Enigmail/Thunderbird user whose GnuPG is not version 2.1.x
will not see report of a valid signature.


- --
Best regards

MFPA  

The trouble with words is that you never know whose mouths they've been in.
-BEGIN PGP SIGNATURE-

iL4EARYKAGYFAliqNQRfFIAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldDMzQUNFRDRFRTkxMzRFRUJERTZBODUwNjE3
MTJCQzQ2MUFGNzc4RTQACgkQFxK8Rhr3eOQu3AEAhk6IddWOiFov15Ha5QhKe9C8
Xh3WMI8mt2H4h0hdp5IA/jGhW01UYCHDhVG4ddY2fwjjsIekcxOyE+rUcmTwueMK
iQF8BAEBCgBmBQJYqjUEXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwbjYH/jUKUaX3GcfFcTpz3nsyuVqh
VPwpd0WVu9Fd4s/Nbt8MOFn++mwR2J7wh3nv44QJgk5MJVFUkCpgIuavm+L8DxG1
aQ14c0bBNw+IcTLhTF8q5fvWzPsluHex6YoNpzQLXSU3bJgMogm8IT+HCQAc7ee3
pIwaFuxdW4H/p7E0OIDrJkQywcF7sXBSbr2aAtJZUWFUzeosfrxgVNE8q800elF3
8nPtlhNZJ8MGcbOohstocWEv1GCGwzT8RyEGmnGduYYG25hg33zz8mLn210E/nn0
AOZIjUd8hyxBfLZLRjufbZAHkG+/EQVQcBbk0TBmuZ80dpXFLRZ9TXA4O6OqPIA=
=FW0d
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Hybrid keysigning party, your opinion?

[Nils Vogels]

Hey Peter, 

I've submitted a keysigning party at sha2017 earlier,  so we should have a slot 
to try something out.

I'll read up on this thread from the archives,  but I'm exploring possibilities 
to enhance the FOSDEM format with the use of QR for on-the-spot signing for 
those who want to and don't mind having signatures submitted by signers to 
keyservers. 


On 18 February 2017 16:15:04 CET, Peter Lebbing  wrote:
>Hello Lachlan,
>
>
>On 15/02/17 14:32, Lachlan Gunn wrote:
>> Given the discussion on the list before, now that CCC has come and
>gone
>> I'm curious as to how well this worked.
>
>It failed on a trivial point: by the Friday before the congress, I had
>only
>received four signups. A list with five keys is a poor list indeed. I
>switched
>the model to the classic "bring keyslips" model.
>
>> Is it an innovation worth
>> perpetuating?
>
>I think it would work. I'd like to try again.
>
>In fact, given that we don't need to place trust in the paper copies, I
>think it
>would actually work if I kept sign-up open until just before the party,
>and
>printed a stack of "scrubbed" lists myself to hand out. However, it was
>my
>feeling that some people would not feel comfortable with this
>brand-spanking-new
>"no need to trust me, really! Have my stuff" type of lists, so I didn't
>do that.
>I intended to cater to the untrusting crowd by giving them enough time
>to print
>their own lists and do it the in the usual Sassaman Efficient way.
>
>Given that this would have, on the flip side, catered to the handful of
>people
>who showed up without keyslips, perhaps it would still be a fair
>tradeoff for
>limiting the untrusting people in their possibilities.
>
>You could receive sign-ups by e-mail until the latest moment, and you
>would
>print the untrusted lists so anybody who didn't bring any keyslips
>could still
>be on that list by signing up.
>
>Note that there is no value judgement in how I use "untrusting" here,
>it's just
>a way to sum up a group of people in a single adjective.
>
>Next opportunity for a keysigning party for me will be SHA 2017,
>starting the
>4th of August in Zeewolde, The Netherlands[1].
>O Come, All Ye Hackful! Adeste Fiddle-es[2]!
>
>Cheers,
>
>Peter.
>
>[1] 
>[2] Fiddle-es: those who tinker.
>
>-- 
>I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
>You can send me encrypted mail if you want some privacy.
>My key is available at
>

-- 
Sent from my mobile device. Please excuse my brevity.___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG, subkeys smartcard and computer

[Damien Goutte-Gattat]

On 02/19/2017 03:11 PM, Peter Lebbing wrote:

However, maybe someone has come across a reason to do it where it would
be worth the hassle. There certainly are people using multiple S subkeys.


Some time ago, I did some experiments with a RSA master key with two 
sets of subkeys: RSA subkeys and ECC-based subkeys (ECDSA for the 
signing subkey, ECDH for the encryption subkey).


The idea was to test whether such a setup could be used by someone 
wanting to use elliptic-curve cryptography, but at the same time not 
wanting to cut herself from people still using GnuPG 2.0.x (which has no 
support for ECC).


Let's say Alice and Bob both use GnuPG 2.1, but Charlie uses GnuPG 2.0. 
And Alice uses the setup described above, where the ECC-based subkeys 
were created *after* the RSA-based subkeys.


For encryption: When Bob wants to encrypt a message to Alice, his gpg 
program automatically selects the latest encryption subkey it can use, 
that is, the ECDH subkey. On the other hand, when Charlie wants to 
encrypt a message to Alice, his gpg program skips the unsupported ECDH 
subkey and automatically selects the remaining RSA subkey. So everything 
work, Alice and Bob can benefit from ECC support in GnuPG 2.1 while 
still allowing Charlie to use RSA.


For signing: Alice signs her messages with *both* her RSA subkey and her 
ECDSA subkey (using multiple --local-user options), allowing both Bob 
and Charlie to verify her messages even though Charlie is stuck with 
GnuPG 2.0 and RSA.


(Eventually, Charlie will upgrade to GnuPG 2.1, and Alice will then 
revoke her RSA subkeys.)


Disclaimer: I am not advocating such a setup, that I don't even actually 
use. I did those tests mostly out of curiosity (I stick to RSA keys even 
with GnuPG 2.1, so I have no need to worry about backward 
compatibility). But I guess it's a possible reason for wanting more than 
one set of subkeys.




signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG, subkeys smartcard and computer

[Peter Lebbing]

On 19/02/17 13:45, Andrew Gallagher wrote:
> In my personal experience, monkeysphere has correctly added all
> valid A subkeys.

Thanks for the clarification.

> But I have a niggling doubt that I once read complaints from somebody
> somewhere (not helpful, I know) that whatever system they were using
> had trouble with multiple valid A subkeys.

Only one way to get this knowledge to the surface: we obviously need to
advise everybody to generate multiple A subkeys so somebody will
complain it doesn't work! Just kidding :).

> And in the case of A and S, there next to no benefit

I agree. I can't think of a compelling reason to use multiple ones; all
things considered, the added hassle is the larger factor in every
scenario I could think of just now. If you can't duplicate your A or S
subkey when you want to, for instance because you have it on smartcard
only, it's just as easy to create a new key and overwrite the old one on
the smart card. Then you can just use your new subkey everywhere from
now on. Just watch out you do it in the right order with respect to A
keys: first roll out the new key on all systems you want to authenticate
to, and only then overwrite your old key on your smartcard :-).

However, maybe someone has come across a reason to do it where it would
be worth the hassle. There certainly are people using multiple S subkeys.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG, subkeys smartcard and computer

[Andrew Gallagher]

> On 19 Feb 2017, at 11:19, Peter Lebbing  wrote:
> 
>> On 17/02/17 15:11, Andrew Gallagher wrote:
>> Some systems will only authenticate against the most recently created
>> A subkey.
> 
> I have no personal experience, but I think it's possible this relates to
> MonkeySphere handling the authorized keys on the server?

In my personal experience, monkeysphere has correctly added all valid A 
subkeys. But I have a niggling doubt that I once read complaints from somebody 
somewhere (not helpful, I know) that whatever system they were using had 
trouble with multiple valid A subkeys. 

The main reason I am wary of having multiple subkeys for the same usage is that 
it just adds more complexity to an already complex system. In the case of E, 
multiple subkeys cause utter chaos. And in the case of A and S, there next to 
no benefit - if one of your subkeys is lost you should revoke it immediately 
anyway, and you can generate a new subkey while you're at it. Having an extra 
subkey generated in advance only gives you a tiny window of extra utility. 

Andrew. 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG, subkeys smartcard and computer

[Peter Lebbing]

Hi Stefano,

On 19/02/17 09:41, Stefano Tranquillini wrote:
> I think I can have multiple A subkeys, not like E keys that only the
> last is used, and use them to ssh servers if all these subkeys are
> added to the server

It depends on how the authorized authentication keys are added to the
server. If you just manually put them in ~/.ssh/authorized_keys, sure,
no problem. But Andrew did just write:

On 17/02/17 15:11, Andrew Gallagher wrote:
> Some systems will only authenticate against the most recently created
> A subkey.

I have no personal experience, but I think it's possible this relates to
MonkeySphere handling the authorized keys on the server?

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Hybrid keysigning party, your opinion?

[Lachlan Gunn]

Le 2017-02-19 à 01:45, Peter Lebbing a écrit :
> It failed on a trivial point: by the Friday before the congress, I had only
> received four signups. A list with five keys is a poor list indeed. I switched
> the model to the classic "bring keyslips" model.

Ah, fair enough.  That's a bit unfortunate, but thanks for the report!

Thanks,
Lachlan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG, subkeys smartcard and computer

[Andrew Gallagher]

> On 19 Feb 2017, at 08:41, Stefano Tranquillini 
>  wrote:
> 
> wait, If i've a subkey E (called E1) and I lose it (e.g. it was on the 
> smartcard). 
> Can't I create a new E (called E2) from my master and decrypt the data? Or  
> the data encrypted are decriptable only by the exact E (E1 in this case) that 
> was used to encrypt it?

You need the *exact* subkey. This is why I make such a big deal about backups! 
Subkeys are not "created from" the primary, but completely at random. If you 
create a new subkey it will be completely different from any previous ones. 
Attaching the subkey to a primary is just a statement saying "don't use the 
primary key, use this subkey instead". The keys are not mathematically related. 
This is a feature! ;-)

> ​Can't I export the subkeys to a file and backup that file​ and then move the 
> keys to the card? Will I be able to restore the keys if they get lost?

Easier to just back up the entire .gnupg directory. Why complicate the restore 
process?

A___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG, subkeys smartcard and computer

[Stefano Tranquillini]

thanks,
Sorry for the double messages, I sent the first before subscribing to the
list and I tought it was not forwarded to the mailing list.

Briefly:
 - use tails to genereate master (default settings) and subkeys
 - export the public key and fingerprints
 - backup master to a cold storage
 - export the subkeys for later usage
 - move the subkeys into the laptop

I'll skip the smart card now, I'll only generate and add to it a A subkeys
for accessing ssh in case I'm away of the pc. I think I can have multiple A
subkeys, not like E keys that only the last is used, and use them to ssh
servers if all these subkeys are added to the server


Regarding the rest:

On Fri, Feb 17, 2017 at 3:11 PM, Andrew Gallagher 
wrote:

> ​... cut ...
>
> If you run "keytocard" and then save your changes, you will delete the
> on-disk copy of those subkeys. They will only then exist on the
> smartcard. I normally don't recommend this, as it means you have no way
> to back up your E subkey, and if your smartcard breaks you then lose
> access to all data encrypted to it. If you are keeping your master
> offline, there is IMO little extra risk in also keeping an offline
> copy of your E subkey. In order to do this, once you run "keytocard" on
> all three subkeys you should immediately quit gnupg *without saving*.
> This will ensure that the on-disk copy is not deleted.
>

​wait, If i've a subkey E (called E1) and I lose it (e.g. it was on the
smartcard).
Can't I create a new E (called E2) from my master and decrypt the data? Or
the data encrypted are decriptable only by the exact E (E1 in this case)
that was used to encrypt it?

​Can't I export the subkeys to a file and backup that file​ and then move
the keys to the card? Will I be able to restore the keys if they get lost?

​Sending you a sperarte email for the script (which seems the one you have
on the website)​

-- 
Stefano
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users