Encrypted document vs Key manager - security question (slightly off topic)

2018-12-17 Thread Daniel Mang
Hi

Maybe one of you knowledgeable people on this list might be willing to
give me your qualified opinion on the issue. Sorry if this post is too
far off topic.

Years ago, before I had really heard of key managers, I started
putting login credentials, PIN numbers and other private and
confidential information into a file that I would then encrypt with
GPG and keep on my computer. When I was on Linux I had the whole disk
encrypted; now that I am using a Mac I use FileVault to encrypt the
whole disk. I use the GPG Suite for Mac by GPGTools. Of course I
would erase the unencrypted original of this file and only keep the
encrypted file, but I am a bit worried about the feasibility of really
erasing anything on an SSD (I'm on one of these 12" "Retina"
MacBooks). I work on two computers, and for this and other reasons, a
while back I put most of my documents in the cloud using an instance
of NextCloud on a server in France run by very security-conscious
friends. I sync that encrypted file with my passwords etc. along with
everything else. When I open my encrypted file to consult or modify
it, of course I first turn off sync and only turn it on again after
the plain file is trashed, so that only the encrypted file ends up in
cloud storage.

So my question is, do you think this system is ridiculously insecure
or is it at least no worse than using something like KeePassX?

Kind regards

Daniel Mang

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Garbled data in keyservers

2018-12-17 Thread Stefan Claas
On Sun, 16 Dec 2018 22:06:55 +0100, Stefan Claas wrote:

> While testing today how to make someone's pub key non-importable,
> non-receivable,

For the interested reader:



and:
gpg --keyserver-option import-clean --keyserver pgp.circl.lu --recv-key 0x981eb7c382ec52b4

does not work for me under macOS.

Regards
Stefan

-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas



Re: Keyring management with multiple smart cards

2018-12-17 Thread Wiktor Kwapisiewicz via Gnupg-users
On 17.12.2018 03:28, Louis Opter wrote:
> Where is the procedure to remove shadow files documented? I found this to be
> confusing to do, hence why I favored different subkeys for different 
> smartcards.

Uhm, these are kind of internal GnuPG details, so I guess it's not documented
anywhere.

But it's something like this:

$ gpg --with-keygrip -K

You get the keygrip from one of your subkeys and look for a file named the same in
~/.gnupg/private-keys-v1.d. Removing, well, just use "rm" (or "mv" just in
case;).

Note that this is an implementation detail so it may change in the future.

> Thank you very much for your feedback Wiktor!

No problem, one thing I forgot to mention - as far as I know RFC 4880 (OpenPGP)
doesn't specify which encryption subkey to use and some implementations (e.g.
OpenKeychain) use all valid encryption subkeys (so a scheme of using one
encryption subkey per token would work).

Kind regards,
Wiktor

-- 
https://metacode.biz/@wiktor
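
The keygrip lookup and "mv just in case" step described in the message above, as an added example script (not part of the original message and not GnuPG's own tooling). It assumes the `--with-colons` record layout from GnuPG's doc/DETAILS (card serial in field 15 of `sec`/`ssb`, keygrip in field 10 of `grp`) and that stubs are stored as `<keygrip>.key`; the sample listing, function names and backup directory are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `gpg --with-colons --with-keygrip -K` output: a primary
# key held on disk ("+") and an encryption subkey held on a card (serial in field 15).
sample_listing() {
cat <<'EOF'
sec:u:4096:1:1111111111111111:1500000000:::u:::scESC:::+:::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
grp:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
uid:u::::1500000000::0000000000000000000000000000000000000000::Constructed User <user@example.org>::::::::::0:
ssb:u:2048:1:2222222222222222:1500000000::::::e:::D2760001240102010006012345670000:::23:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
grp:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
EOF
}

# Read a colon-format secret key listing on stdin and print
# "<keyid> <card serial> <keygrip>" for every key whose secret part lives on a card.
card_keygrips() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            keyid = $5
            # Field 15: "+" = secret key on disk, "#" = missing, otherwise a card serial.
            serial = ($15 != "" && $15 != "#" && $15 != "+") ? $15 : ""
        }
        # The grp record that follows carries the keygrip, i.e. the stub file name.
        $1 == "grp" && serial != "" { print keyid, serial, $10; serial = "" }
    '
}

# Move the stub for one keygrip out of the key directory instead of deleting it.
# $1 = keygrip, $2 = GnuPG home, $3 = backup directory (hypothetical location)
stash_stub() {
    case "$1" in
        # Only plain hex is accepted, so the argument cannot walk out of the directory.
        *[!0-9A-Fa-f]*|"") echo "refusing unexpected keygrip: $1" >&2; return 1 ;;
    esac
    src="$2/private-keys-v1.d/$1.key"
    [ -f "$src" ] || { echo "no stub file for keygrip $1" >&2; return 1; }
    mkdir -p "$3" && mv -- "$src" "$3/"
}

# Demo on the constructed listing; with a real keyring, pipe in
#   gpg --with-colons --with-keygrip -K
sample_listing | card_keygrips
```
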
