Re: article about Air Gapped OpenPGP Key

[adrelanos]

Paul R. Ramer:
> adrelanos  wrote:
>> When one uses a Live system for its air gapped OpenPGP key, one
>> would have to constantly remember re-creating this that gpg.conf.
>> (Gone after reboot.)
> 
> Not necessarily.  You can plug in a USB drive with your custom
> gpg.conf file on it, for example.

> A more elegant solution would be
> to modify your Live CD (or whatever you use) to have a gpg.conf file
> in your gpg home directory.  You can search the web on how to make a
> custom Live CD.

That would work. Well, for the context of that article asking readers to
create their own custom Live CD seems like over complicating an awfully
complicated problem even further.

>>> I'd like to call your attention to the "cert-digest-algo SHA256"
>>> line
>> --
>>> this means that your primary key will make stronger signatures
>>> on
>> other
>>> keys (e.g. your subkeys and other people's public keys). This is 
>>> probably a Good Thing.
>> 
>> This is important. Can this be set without using gpg.conf?
> 
> You can run gpg by specifying this as an option on the command line,
> e.g. gpg --cert-digest-algo sha256.  Any command line option that you
> can pass to gpg when you run it can be put into your gpg.conf file.

"gpg --cert-digest-algo sha256" is what the article now uses.

> But if your thinking is, "How can I have this set permanently without
> using gpg.conf?"--you can't.  gpg.conf is the configuration file for
> gpg.

Okay.

Cheers,
adrelanos

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: article about Air Gapped OpenPGP Key

[Paul R. Ramer]

adrelanos  wrote:
>When one uses a Live system for its air gapped OpenPGP key, one would
>have to constantly remember re-creating this that gpg.conf. (Gone after
>reboot.)

Not necessarily.  You can plug in a USB drive with your custom gpg.conf file on 
it, for example.  A more elegant solution would be to modify your Live CD (or 
whatever you use) to have a gpg.conf file in your gpg home directory.  You can 
search the web on how to make a custom Live CD.

>> I'd like to call your attention to the "cert-digest-algo SHA256" line
>--
>> this means that your primary key will make stronger signatures on
>other
>> keys (e.g. your subkeys and other people's public keys). This is
>> probably a Good Thing.
>
>This is important. Can this be set without using gpg.conf?

You can run gpg by specifying this as an option on the command line, e.g. gpg 
--cert-digest-algo sha256.  Any command line option that you can pass to gpg 
when you run it can be put into your gpg.conf file.  But if your thinking is, 
"How can I have this set permanently without using gpg.conf?"--you can't.  
gpg.conf is the configuration file for gpg.

Cheers,

--Paul

--
PGP: 3DB6D884

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: article about Air Gapped OpenPGP Key

[Robert J. Hansen]

On 11/21/2013 7:14 PM, MFPA wrote:
> Logically, wouldn't you have to destroy it after being ordered to hand
> it over to be in contempt of court?

Depends on the meaning of "contempt of court" in your jurisdiction and
what your local rules are with respect to document discovery.

We're getting pretty far afield of email crypto.  Let's try and bring it
back on topic.  :)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: article about Air Gapped OpenPGP Key

[MFPA]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi


On Tuesday 19 November 2013 at 8:06:18 PM, in
, Johan Wevers wrote:



> destroying the key will prevent
> you from having to hand it over. In some jurisdictions
> this may be seen as "contempt of court"

Logically, wouldn't you have to destroy it after being ordered to hand
it over to be in contempt of court?


- --
Best regards

MFPAmailto:expires2...@ymail.com

A nod is as good as a wink to a blind bat!
-BEGIN PGP SIGNATURE-

iPQEAQEKAF4FAlKOodtXFIAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0
N0VDQTAzAAoJEKipC46tDG5pEOYD/02EIvOPdtX5H7QnnxyLhtDvddA2cWg3HKXC
HQBzIuvd09T2hy2wC2+TdsjHxLNFpRxvc7tGaY+yERKeu4IOoT2sm57NY7Z6KcAZ
hkrKwG/lm1vXCbtl6TKpSR0aC00n9sxDHrewQeGCKeUxqDIc0p+RtlSAfHBfh7N3
lNK+hzZG
=iRc7
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: article about Air Gapped OpenPGP Key

[Robert J. Hansen]

On 11/19/2013 6:03 PM, Chris De Young wrote:
> I'd be surprised if this gets you very far in a US court.

Depends on when you did it and why.  Many businesses have document
retention policies (crafted with the assistance of counsel) that specify
old documents are to be put beyond recovery, and scrapping a crypto key
is generally seen as more cost-effective than shipping the drive off to
be shredded.  IronMountain charges $X per drive, but wiping a crypto key
is effectively free.

If you do this in response to an investigation then yes, you're likely
going to make the judge very unhappy.  If you do this as part of normal
business practices that were devised with the assistance of counsel,
you're likely to fare much better.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: article about Air Gapped OpenPGP Key

[Leo Gaspard]

On Tue, Nov 19, 2013 at 02:50:20PM -0800, Robert J. Hansen wrote:
> >>That depends on your threat model. If you fear juridical problems (say,
> >>for example, some encrypted mails have been intercepted by the police
> >>but they can't decrypt them), destroying the key will prevent you from
> >>having to hand it over. In some jurisdictions this may be seen as
> >>"contempt of court", and even be punishable, but in most EU countries
> >>you're safe when you do this.
> >
> >Especially knowing in most EU countries judges are not allowed to force
> >you to
> >hand over your secret key, only to decrypt specific messages for them. (Don't
> >remember where I read that.)
> 
> Most encrypted drive software doesn't actually work the way people seem to
> think they work.  The drive is encrypted with a random nonce.
> [...]

Actually, I answered the "encrypted mails" part. Thanks anyway.

> I cannot think of a single use case for scrubbing plaintext storage devices.
> In every use case I can come up with, the user would be better served by
> using an encrypted storage device.  That doesn't mean no such use case
> exists, mind you -- just that I can't think of one.

Well... I can see one : the user used a plaintext storage device without
thinking about it, and then understands he needs an encrypted device and scrubs
his hard drive when the encrypted drive is set up with the necessary
information.

Another one would be (paranoid) fear about the long long term : who knows some
three-letter agency would not steal your computer, and store its hard drive
content until decryption is available (say, 10 years from now, being quite
optimistic?). So scrubbing the already-encrypted data would help ensure data is
never recovered.

Maybe scrubbing a specific file, without need to reset files on full blocks,
block-based encryption being AFAICT the most frequent way of encrypting complete
hard drives.

That's all I can figure out.

Cheers,

Leo

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: article about Air Gapped OpenPGP Key

[Chris De Young]

On 11/19/2013 3:50 PM, Robert J. Hansen wrote:
[...]
> then used to do all further crypto operations.  To put the data forever
> beyond recovery, you generate a new nonce, encrypt it with the same
> passphrase, and write it over the old nonce.  If someone demands your
> cryptographic key you can honestly and genuinely give it up without any
> fear of your old data being compromised.  The investigator will be able
> to verify that you've complied with the court's order, and the
> investigator will also be able to verify that you never knew the
> original nonce.

I'd be surprised if this gets you very far in a US court. Technical
details aside, what the court will likely see is that you deliberately
took action intended to put the data beyond the reach of the court in
order to avoid whatever legal ramifications that access might have. The
results of that will probably not be very good (US judges have quite
broad powers when it comes to contempt of court).

-C



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: article about Air Gapped OpenPGP Key

[Robert J. Hansen]

That depends on your threat model. If you fear juridical problems (say,
for example, some encrypted mails have been intercepted by the police
but they can't decrypt them), destroying the key will prevent you from
having to hand it over. In some jurisdictions this may be seen as
"contempt of court", and even be punishable, but in most EU countries
you're safe when you do this.


Especially knowing in most EU countries judges are not allowed to  
force you to

hand over your secret key, only to decrypt specific messages for them. (Don't
remember where I read that.)


Most encrypted drive software doesn't actually work the way people  
seem to think they work.  The drive is encrypted with a random nonce.   
This nonce is written to disk in an encrypted format.  When you enter  
a passphrase to unlock the drive, the encrypted random nonce is read  
in and decrypted using the passphrase.  The newly-recovered random  
nonce is then used to do all further crypto operations.  To put the  
data forever beyond recovery, you generate a new nonce, encrypt it  
with the same passphrase, and write it over the old nonce.  If someone  
demands your cryptographic key you can honestly and genuinely give it  
up without any fear of your old data being compromised.  The  
investigator will be able to verify that you've complied with the  
court's order, and the investigator will also be able to verify that  
you never knew the original nonce.


"This drive was originally encrypted with a random nonce which the  
defendant never knew.  The defendant cannot be compelled to produce  
information the defendant never possessed.  This random nonce is  
irretrievably gone.  The defendant *can* be compelled to produce the  
key used to encrypt that random nonce, and the defendant seems to have  
complied with that order -- but the random nonce itself is gone, and  
with it, any hope of recovering the data on the encrypted drive."


I cannot think of a single use case for scrubbing plaintext storage  
devices.  In every use case I can come up with, the user would be  
better served by using an encrypted storage device.  That doesn't mean  
no such use case exists, mind you -- just that I can't think of one.



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: article about Air Gapped OpenPGP Key

[Leo Gaspard]

On Tue, Nov 19, 2013 at 09:06:18PM +0100, Johan Wevers wrote:
> On 19-11-2013 7:07, Robert J. Hansen wrote:
> > Even then, scrubbing data is usually a sign you've misunderstood the
> > problem you're trying to solve.  If you're concerned about sensitive
> > data lurking on your hard drive the solution isn't to scrub the drive,
> > it's to use an encrypted filesystem.
> 
> That depends on your threat model. If you fear juridical problems (say,
> for example, some encrypted mails have been intercepted by the police
> but they can't decrypt them), destroying the key will prevent you from
> having to hand it over. In some jurisdictions this may be seen as
> "contempt of court", and even be punishable, but in most EU countries
> you're safe when you do this.

Especially knowing in most EU countries judges are not allowed to force you to
hand over your secret key, only to decrypt specific messages for them. (Don't
remember where I read that.)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: article about Air Gapped OpenPGP Key

[Johan Wevers]

On 19-11-2013 7:07, Robert J. Hansen wrote:

> Even then, scrubbing data is usually a sign you've misunderstood the
> problem you're trying to solve.  If you're concerned about sensitive
> data lurking on your hard drive the solution isn't to scrub the drive,
> it's to use an encrypted filesystem.

That depends on your threat model. If you fear juridical problems (say,
for example, some encrypted mails have been intercepted by the police
but they can't decrypt them), destroying the key will prevent you from
having to hand it over. In some jurisdictions this may be seen as
"contempt of court", and even be punishable, but in most EU countries
you're safe when you do this.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: article about Air Gapped OpenPGP Key

[adrelanos]

Robert J. Hansen:>> Please leave feedback or hit the edit button. Maybe
it's useful for
>> someone. It's under public domain.
>
> A major omission:
>
> "What is this, why should I care, and what security risks does it
> mitigate?"
>
> Without that, the article is useful only to people who have already been
> convinced of the importance of an airgapped certificate.  If you can
> address those three questions the page will become much more useful to
> people who don't know what an airgapped certificate is or in which
> circumstances it might be useful.

I agree with that, I've never been good at explaining the why, so this
time I omitted it.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: article about Air Gapped OpenPGP Key

[adrelanos]

Hauke Laging:
> Am Mo 18.11.2013, 17:21:22 schrieb adrelanos:
>> Hi,
>>
>> An article about air gapped OpenPGP keys has been written by me:
>> https://www.whonix.org/wiki/Air_Gapped_OpenPGP_Key
>>
>> Please leave feedback or hit the edit button.
> 
> 
> 
>> By default GPG creates one signing subkey (your identity) and one encryption
>> subkey
> 
> That's wrong. The default is a mainkey for signing and a subkey for 
> encryption.

Fixed that.

> 
>> This new subkey is linked to the first signing key.
> 
> ?

Fixed that.

> 
>> Your master keypair is the one whose loss would be truly catastrophic.
> 
> I would not put it that way. If it is just lost then the key will expire (if 
> it has an expiration date as it should) as you cannot extend its validity 
> time. So you need a new key. That is unpleasant but usually not as unpleasant 
> as compromised decryption or signature keys. If you state something like that 
> I think you should explain it.
> 

I agree with that. Originally intended to write "compromise" instead of
"loss". When I write "compromise", that sentence should be correct.

>> Using the highest possible value for key length helps protect you from that
>> scenario. Don’t use GPG’s default of 2048!
> 
> That argument doesn't make any sense for a key "copied to your every day 
> operating system".

The whole context is:

> When you create your new keypair, use the highest possible values for
key length. As computers get more powerful and storage gets cheaper,
it’s conceivable that a nasty person could archive a message that’s
unbreakable today, then in the future break it using a more powerful
computer. Using the highest possible value for key length helps protect
you from that scenario. Don’t use GPG’s default of 2048!

Why doesn't tbhat make sense?

> 
>> If your master keypair gets lost or stolen, this certificate file is the
>> only way you’ll be able to tell people to ignore the stolen key. This is
>> important, don’t skip this step!
> 
> I have never understood why people seem to believe that they cannot safely 
> store a key backup (including the passphrase if necessary) but can safely 
> store a revocation certificate.

I don't understand.

> 
>> Clean up our temporary file.
> 
>> rm subkeys
> 
> Why should one remove this file?

Probably not that important. It's not required anymore. When later new
subkeys are created, that file would have to be updated. Removing it to
avoid confusion.

> And it it really a good idea to use the same passphrase for both mainkey and 
> subkeys?

From a security perspective, clearly no. From a usability perspective,
yes. Above I am suggesting to store the key backup on a fully encrypted
disk, so the passphrase for the mainkey doesn't matter if you assume,
the full disk encryption of that disk is safe.

> 
>> The pound sign means the signing subkey is not in the keypair located in the
>> keyring.
> 
> No, it means that the mainkey has been replaced by a stub.

I added this as a footnote.

> 
>> Securely wiping of data is a difficult issue. We believe it is safer to
>> create a new keypair (a new secring.gpg) than trusting gpg to remove the
>> private master key from secring.gpg.
> 
> We are talking about a secring.gpg in RAM as the key is generated on a secure 
> system running some live Linux CD/DVD?

That would be advisable.

> 
>> Our every day operating system never gets to see our OpenPGP master key
> 
> But it sees the mainkey's passphrase...

True.

> 
> It will take me some time to translate this in English but I have written a 
> bash script which creates a new key with two subkeys and outputs a set of 
> files (with different passphrases) and two directories and even allows you to 
> easily certify other keys and create mainkey signatures immediately after key 
> creation:
> 
> 0x11DB2900.public.asc
> 0x11DB2900.public.asc.asc
> 0x11DB2900.secret-mainkey.asc
> 0x11DB2900.secret-mainkey-only.asc
> 0x11DB2900.secret-subkeys.asc
> _gnupg-mainkey/
> _gnupg-subkeys/
> 
> 
> 
> http://www.openpgp-schulungen.de/scripte/keygeneration/
> 
> explained here:
> http://www.openpgp-schulungen.de/inhalte/einrichtung/materialien/keygen-anleitung-info.html
> 
> Or download the whole script collection here and run ./start.sh:
> http://www.openpgp-schulungen.de/download/

This is most interesting.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: article about Air Gapped OpenPGP Key

[adrelanos]

Pete Stephenson:
> 1. If you set the keyprefs in your gpg.conf configuration file before
> you generate a new key it will generate new keys with these stronger
> defaults rather than having you need to edit them later. See
>  for details
> and examples.

I also thought about recommending a gpg.conf with specific settings.
Maybe this one:
https://github.com/ioerror/torbirdy/pull/11
https://github.com/ioerror/torbirdy/blob/master/gpg.conf

Not sure... What makes the page less complex and confusing? Explain how
to set such options using command line or creating a gpg.conf?

When one uses a Live system for its air gapped OpenPGP key, one would
have to constantly remember re-creating this that gpg.conf. (Gone after
reboot.)

> I'd like to call your attention to the "cert-digest-algo SHA256" line --
> this means that your primary key will make stronger signatures on other
> keys (e.g. your subkeys and other people's public keys). This is
> probably a Good Thing.

This is important. Can this be set without using gpg.conf?

> 2. Have you considered adding TWOFISH and BLOWFISH to the list of
> ciphers? I put TWOFISH after AES256 and before AES192, and I put
> BLOWFISH after AES but before CAST5. I like having diverse, strong
> ciphers available to those who might elect to use them. Since the
> versions of GnuPG I use support those ciphers and they're generally
> well-regarded I see no reason to exclude them, but your mileage may vary.

No, I haven't considered it, don't feel I am competent for such a
discussion. I am ignorant about the nuances which ciphers are
better/worse/when/etc. and following recommendations from here:
https://github.com/ioerror/torbirdy/blob/master/gpg.conf

> 3. When generating the key and you're prompted to pick a key type, I
> recommend selecting #4 ("RSA (sign only)"). This generates only the
> primary signing/certification key but does not generate an encryption
> subkey at the same time. Later you can add the encryption and signing
> subkeys. This can be useful if you want to mix-and-match algorithms and
> expiration dates.
> [...]

Implemented this suggestion.

> 4. Are there any known issues with your "air gapped" system being the
> same physical hardware as your everyday system even if you use a LiveCD?
> I don't know if there'd be the potential for hardware compromises.
> Depending on one's security needs, it might be useful to get a separate,
> isolated, never-connected-to-the-internet computer specifically for
> high-security needs. (See
>  for some
> pointers.)

I added this:

> You can boot a Live DVD or an operating system installed on external
media such as USB (recommendation: use full disk encryption). Using a
separate physical hardware is better than just booting another operating
system, but still, using another operating system is better than nothing.

> 5. Smartcards are also useful, as you can generate keys on your isolated
> computer, back them up safely, then copy the keys to the smartcard. You
> can then use the smartcard on your everyday system without risk of
> exposing the private keys.

I added this suggestion as well.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: article about Air Gapped OpenPGP Key

[Robert J. Hansen]

> I have never understood why people seem to believe that they cannot safely 
> store a key backup (including the passphrase if necessary) but can safely 
> store a revocation certificate.

It comes into play more when entrusting others.  If I give my lawyer a
copy of my certificate and passphrase with instructions of "revoke these
when I die," I'm giving my lawyer the power to impersonate me should my
lawyer suddenly go rogue.  If I give my lawyer a revocation certificate,
I'm exposed to far less risk.

> And it it really a good idea to use the same passphrase for both mainkey and 
> subkeys?

This can't be answered without knowing about a specific threat that the
person is trying to mitigate.  I think that most models will find this
to be a negligible risk.

(This next quote belongs to adrelanos, not Hauke.)

> Securely wiping of data is a difficult issue. We believe it is safer to
> create a new keypair (a new secring.gpg) than trusting gpg to remove the
> private master key from secring.gpg.

First, using the royal "we" is... well, royal.  "We" is appropriate when
writing a committee report or if the speaker is a sitting monarch.
Otherwise, "I" should be used.

Second, why is a secure wipe necessary?  The only information that's
recoverable is public metadata.  The key material itself is encrypted.

If people doubt me on this, I am quite happy to post my private key to
the list.  So long as you've got a good passphrase on your certificate,
you can post your private key in the _New York Times_.  I'm unaware of
any model in which a private key needs to be securely scrubbed, unless
you're not putting a strong passphrase on the certificate.

Even then, scrubbing data is usually a sign you've misunderstood the
problem you're trying to solve.  If you're concerned about sensitive
data lurking on your hard drive the solution isn't to scrub the drive,
it's to use an encrypted filesystem.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: article about Air Gapped OpenPGP Key

[Hauke Laging]

Am Mo 18.11.2013, 17:21:22 schrieb adrelanos:
> Hi,
> 
> An article about air gapped OpenPGP keys has been written by me:
> https://www.whonix.org/wiki/Air_Gapped_OpenPGP_Key
> 
> Please leave feedback or hit the edit button.



> By default GPG creates one signing subkey (your identity) and one encryption
> subkey

That's wrong. The default is a mainkey for signing and a subkey for 
encryption.


> This new subkey is linked to the first signing key.

?


> Your master keypair is the one whose loss would be truly catastrophic.

I would not put it that way. If it is just lost then the key will expire (if 
it has an expiration date as it should) as you cannot extend its validity 
time. So you need a new key. That is unpleasant but usually not as unpleasant 
as compromised decryption or signature keys. If you state something like that 
I think you should explain it.


> Using the highest possible value for key length helps protect you from that
> scenario. Don’t use GPG’s default of 2048!

That argument doesn't make any sense for a key "copied to your every day 
operating system".


> If your master keypair gets lost or stolen, this certificate file is the
> only way you’ll be able to tell people to ignore the stolen key. This is
> important, don’t skip this step!

I have never understood why people seem to believe that they cannot safely 
store a key backup (including the passphrase if necessary) but can safely 
store a revocation certificate.


> Clean up our temporary file.

> rm subkeys

Why should one remove this file?

And it it really a good idea to use the same passphrase for both mainkey and 
subkeys?


> The pound sign means the signing subkey is not in the keypair located in the
> keyring.

No, it means that the mainkey has been replaced by a stub.


> Securely wiping of data is a difficult issue. We believe it is safer to
> create a new keypair (a new secring.gpg) than trusting gpg to remove the
> private master key from secring.gpg.

We are talking about a secring.gpg in RAM as the key is generated on a secure 
system running some live Linux CD/DVD?


> Our every day operating system never gets to see our OpenPGP master key

But it sees the mainkey's passphrase...


It will take me some time to translate this in English but I have written a 
bash script which creates a new key with two subkeys and outputs a set of 
files (with different passphrases) and two directories and even allows you to 
easily certify other keys and create mainkey signatures immediately after key 
creation:

0x11DB2900.public.asc
0x11DB2900.public.asc.asc
0x11DB2900.secret-mainkey.asc
0x11DB2900.secret-mainkey-only.asc
0x11DB2900.secret-subkeys.asc
_gnupg-mainkey/
_gnupg-subkeys/



http://www.openpgp-schulungen.de/scripte/keygeneration/

explained here:
http://www.openpgp-schulungen.de/inhalte/einrichtung/materialien/keygen-anleitung-info.html

Or download the whole script collection here and run ./start.sh:
http://www.openpgp-schulungen.de/download/


Hauke
-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/bekannte/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5


signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: article about Air Gapped OpenPGP Key

[David Tomaschik]

On Mon, Nov 18, 2013 at 11:45 AM, Pete Stephenson  wrote:

> On 11/18/2013 6:21 PM, adrelanos wrote:
> > Hi,
> >
> > An article about air gapped OpenPGP keys has been written by me:
> > https://www.whonix.org/wiki/Air_Gapped_OpenPGP_Key
> >
> > Please leave feedback or hit the edit button. Maybe it's useful for
> > someone. It's under public domain.
> >
> > Cheers,
> > adrelanos
>
> 
>


> 4. Are there any known issues with your "air gapped" system being the
> same physical hardware as your everyday system even if you use a LiveCD?
> I don't know if there'd be the potential for hardware compromises.
> Depending on one's security needs, it might be useful to get a separate,
> isolated, never-connected-to-the-internet computer specifically for
> high-security needs. (See
>  for some
> pointers.)
>
>
If you haven't seen it already, check out the story on "BadBIOS" -- Dragos
Ruiu, one of the organizers of CANSEC West has alledgedly uncovered a
complex hardware rootkit.  (One story here:
https://www.schneier.com/blog/archives/2013/11/badbios.html)  I haven't
decided yet if I believe all of it, but it's still a scary thought.


>
> Cheers!
> -Pete
>
> Cheers!
> -Pete
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>



-- 
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
da...@systemoverlord.com
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: article about Air Gapped OpenPGP Key

[Robert J. Hansen]

4. Are there any known issues with your "air gapped" system being the
same physical hardware as your everyday system even if you use a LiveCD?


The airgap networks I've seen have run in separate rooms from the  
regular network and use a different kind of networking hardware in  
order to make cross-contamination impossible.  For instance, if the  
network uses gigabit Ethernet then the airgap will use 10base2 coaxial  
cable, or some other incompatible networking system.  (This may be the  
only remaining legitimate use for 10base2...)


If your airgap system is network-compatible with the regular system,  
then you don't have an airgap.  What you have instead is something  
that looks like an airgap until somebody has a five-second braino  
while hooking up network cables, and you don't discover for two weeks  
afterwards that your airgap was breached.



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: article about Air Gapped OpenPGP Key

[Pete Stephenson]

On 11/18/2013 6:21 PM, adrelanos wrote:
> Hi,
> 
> An article about air gapped OpenPGP keys has been written by me:
> https://www.whonix.org/wiki/Air_Gapped_OpenPGP_Key
> 
> Please leave feedback or hit the edit button. Maybe it's useful for
> someone. It's under public domain.
> 
> Cheers,
> adrelanos

Excellent work!

Here's some minor suggestions and personal opinions.

1. If you set the keyprefs in your gpg.conf configuration file before
you generate a new key it will generate new keys with these stronger
defaults rather than having you need to edit them later. See
 for details
and examples.

I'd like to call your attention to the "cert-digest-algo SHA256" line --
this means that your primary key will make stronger signatures on other
keys (e.g. your subkeys and other people's public keys). This is
probably a Good Thing.

2. Have you considered adding TWOFISH and BLOWFISH to the list of
ciphers? I put TWOFISH after AES256 and before AES192, and I put
BLOWFISH after AES but before CAST5. I like having diverse, strong
ciphers available to those who might elect to use them. Since the
versions of GnuPG I use support those ciphers and they're generally
well-regarded I see no reason to exclude them, but your mileage may vary.

I've been tempted to add prefs showing I can use the CAMELLIA cipher --
does anyone know of a good reason not to?

3. When generating the key and you're prompted to pick a key type, I
recommend selecting #4 ("RSA (sign only)"). This generates only the
primary signing/certification key but does not generate an encryption
subkey at the same time. Later you can add the encryption and signing
subkeys. This can be useful if you want to mix-and-match algorithms and
expiration dates.

For example, I have a 3072-bit DSA sign/cert primary key, a 2048-bit RSA
encryption subkey, and a 2048-bit RSA signing subkey. The two subkeys
have a 5-year expiration time while the primary key has no expiration time.

Of course, selecting option #1 and creating an RSA sign/cert primary key
with an RSA subkey of equal strength with the same (if any) expiration
date, followed by adding a new signing subkey also works. It's simply a
matter of personal preference -- I like generating each key individually
so I have control over that specific key.

4. Are there any known issues with your "air gapped" system being the
same physical hardware as your everyday system even if you use a LiveCD?
I don't know if there'd be the potential for hardware compromises.
Depending on one's security needs, it might be useful to get a separate,
isolated, never-connected-to-the-internet computer specifically for
high-security needs. (See
 for some
pointers.)

5. Smartcards are also useful, as you can generate keys on your isolated
computer, back them up safely, then copy the keys to the smartcard. You
can then use the smartcard on your everyday system without risk of
exposing the private keys. I have an RSA primary key on one smartcard
and RSA signing/encryption subkeys on another smartcard. (I also have a
third card which has the RSA subkeys for the key I mentioned in point #3
above. I rather like smartcards.)

Cheers!
-Pete

Cheers!
-Pete

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

article about Air Gapped OpenPGP Key

[adrelanos]

Hi,

An article about air gapped OpenPGP keys has been written by me:
https://www.whonix.org/wiki/Air_Gapped_OpenPGP_Key

Please leave feedback or hit the edit button. Maybe it's useful for
someone. It's under public domain.

Cheers,
adrelanos

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users