some beginner questions

William Senn
Hi,

I am a relative newbie at using gnupg. I've tried it over the years, but
never really committed to using it fully until now. Now, I plan to use
gnupg for email and additional information security on a daily basis. I
have read quite a few books and feel like I have a pretty good grasp of
the basics. I have several practical questions:

1. It seems that the keyservers never forget. In creating keypairs while
trying to figure this out every few years and then forgetting the
passwords or losing the private keys and revocation certificates (which
at the time, I didn't understand the ramifications of and was definitely
not careful enough), it seems like I've left a bit of litter out there.
Do I just move on and try not to do that in the future, or is there any
hope for cleaning up?

2. In everyday use, what is the norm for folks to publish their keys to
get other folks to use them? Do y'all put the fingerprint in your
emails, attach your signatures (I see some of you on this list do), put
the key on your social media, or what?

3. I've read
https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems
and other such pieces proclaiming the value of having the master key in
a safe place and having subkeys on your actual devices. I've followed
the guides and it seems that I am unable to actually sign anything with
the subkey, gpg complains with gpg: signing failed: No secret key. gpg
-K shows:

sec#  rsa4096 2017-03-11 [SC]
      EA940B8B4625EC287C3BF93FFE9E46E0FBAAB459
uid           [ultimate] Will Senn <[hidden email]>
ssb   rsa4096 2017-03-30 [E]
ssb   rsa2048 2017-03-30 [S] [expires: 2019-03-30]
ssb   rsa2048 2017-03-30 [E] [expires: 2019-03-30]

The second ssb is a signing key [S], so what's up with that, or in other
words, how do I tell gpg to use the signing subkey?

4. Is it safe to refer to my public key/fingerprint information as I did
in the previous question with output from gpg?

Thanks,

Will



_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: some beginner questions

fa-ml
Hello Will, I'll answer 1. 2. and 4. (3. is beyond my knowledge):

On Sat, Apr 01, 2017 at 09:10:55AM -0500, Will Senn wrote:
> 1. It seems that the keyservers never forget. In creating keypairs while
> trying to figure this out every few years and then forgetting the
> passwords or losing the private keys and revocation certificates (which
> at the time, I didn't understand the ramifications of and was definitely
> not careful enough), it seems like I've left a bit of litter out there.
> Do I just move on and try not to do that in the future, or is there any
> hope for cleaning up?

You got it correctly, they indeed "never forget". Littering is something
which many folks do from time to time (I think Phil Zimmermann himself,
the creator of PGP, has an unrevoked/unrecoverable key in the servers).
Just carry on and you will be fine!

> 2. In everyday use, what is the norm for folks to publish their keys to
> get other folks to use them? Do y'all put the fingerprint in your
> emails, attach your signatures (I see some of you on this list do), put
> the key on your social media, or what?

There are a handful of options: fingerprint in the sig, mail headers
(like `X-PGP-Key:`), advertising on social media or on your personal
site.
I chose the latter, but fingerprints/key IDs are so short they fit
in a Twitter bio, so I'd say all are valid choices.
If you advertise it to the "general public", maybe you want to link
to a tutorial too, so people who have never used PGP can quickly learn
how to send messages to you (that's what I did [1]).

> 4. Is it safe to refer to my public key/fingerprint information as I did
> in the previous question with output from gpg?

Yep.


[1] http://ariis.it/static/articles/1-2-3-PGP/page.html

Re: some beginner questions

Robert J. Hansen-3
In reply to this post by William Senn
> Do I just move on and try not to do that in the future, or is there any
> hope for cleaning up?

Move on.  It's okay, everybody makes this mistake in the beginning.  :)

> 2. In everyday use, what is the norm for folks to publish their keys to
> get other folks to use them? Do y'all put the fingerprint in your
> emails, attach your signatures (I see some of you on this list do), put
> the key on your social media, or what?

(My opinion on this used to be 100% orthodox; in the last few years I've
seen it become heterodox.  The cool kids are all about TOFU today; I
think TOFU borders on crazy.  So be warned, this opinion is ... stodgy,
by present standards.)

If I'm corresponding with someone, I ask if they use OpenPGP; if they
do, I arrange for an out-of-band key verification.  I also have my
fingerprint on my business card, so that if I meet someone face-to-face
it makes it easy as can be to do a key verification: here's my driver's
license, here's my business card, you get to verify I'm really Rob
Hansen and you have my fingerprint given to you directly by me.

> 3. I've read
> https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems
> and other such pieces proclaiming the value of having the master key in
> a safe place and having subkeys on your actual devices. I've followed
> the guides and it seems that I am unable to actually sign anything with
> the subkey, gpg complains with gpg: signing failed: No secret key. gpg
> -K shows:

Please read the FAQ.  Question 8.1 is directly applicable.

The internet is full of people who will tell you "the true secret" to
"creating the perfect key".  The reality is, unless you know exactly
what changes you're making and why you need to make them, you will be
far better served with the defaults.

https://www.gnupg.org/faq/gnupg-faq.html

> 4. Is it safe to refer to my public key/fingerprint information as I did
> in the previous question with output from gpg?

Yes.


Re: some beginner questions

William Senn
In reply to this post by fa-ml

On 4/1/17 11:22 AM, Francesco Ariis wrote:

> Hello Will, I'll answer 1. 2. and 4. (3. is beyond my knowledge):
>
> On Sat, Apr 01, 2017 at 09:10:55AM -0500, Will Senn wrote:
>> 1. It seems that the keyservers never forget. In creating keypairs while
>> trying to figure this out every few years and then forgetting the
>> passwords or losing the private keys and revocation certificates (which
>> at the time, I didn't understand the ramifications of and was definitely
>> not careful enough), it seems like I've left a bit of litter out there.
>> Do I just move on and try not to do that in the future, or is there any
>> hope for cleaning up?
> You got it correctly, they indeed "never forget". Littering is something
> which many folks do from time to time (I think Phil Zimmermann himself,
> the creator of PGP, has an unrevoked/unrecoverable key in the servers).
> Just carry on and you will be fine!
>
>> 2. In everyday use, what is the norm for folks to publish their keys to
>> get other folks to use them? Do y'all put the fingerprint in your
>> emails, attach your signatures (I see some of you on this list do), put
>> the key on your social media, or what?
> There are a handful of options: fingerprint in the sig, mail headers
> (like `X-PGP-Key:`), advertising on social media or on your personal
> site.
> I chose the latter, but fingerprints/key IDs are so short they fit
> in a Twitter bio, so I'd say all are valid choices.
> If you advertise it to the "general public", maybe you want to link
> to a tutorial too, so people who have never used PGP can quickly learn
> how to send messages to you (that's what I did [1]).
>
>> 4. Is it safe to refer to my public key/fingerprint information as I did
>> in the previous question with output from gpg?
> Yep.
>
>
> [1] http://ariis.it/static/articles/1-2-3-PGP/page.html
>
Thanks for the reply. I appreciate the answers.

Will



Re: some beginner questions

William Senn
In reply to this post by Robert J. Hansen-3
Robert,

On 4/1/17 3:08 PM, Robert J. Hansen wrote:
>> Do I just move on and try not to do that in the future, or is there any
>> hope for cleaning up?
> Move on.  It's okay, everybody makes this mistake in the beginning.  :)
I thought this might be the case. On the one hand, bummer, on the other, ok.

>> 2. In everyday use, what is the norm for folks to publish their keys to
>> get other folks to use them? Do y'all put the fingerprint in your
>> emails, attach your signatures (I see some of you on this list do), put
>> the key on your social media, or what?
> (My opinion on this used to be 100% orthodox; in the last few years I've
> seen it become heterodox.  The cool kids are all about TOFU today; I
> think TOFU borders on crazy.  So be warned, this opinion is ... stodgy,
> by present standards.)
>
> If I'm corresponding with someone, I ask if they use OpenPGP; if they
> do, I arrange for an out-of-band key verification.  I also have my
> fingerprint on my business card, so that if I meet someone face-to-face
> it makes it easy as can be to do a key verification: here's my driver's
> license, here's my business card, you get to verify I'm really Rob
> Hansen and you have my fingerprint given to you directly by me.
Sounds reasonable. I'll look into TOFU, but I think I'll lean towards a
more conservative approach to start.

>> 3. I've read
>> https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems
>> and other such pieces proclaiming the value of having the master key in
>> a safe place and having subkeys on your actual devices. I've followed
>> the guides and it seems that I am unable to actually sign anything with
>> the subkey, gpg complains with gpg: signing failed: No secret key. gpg
>> -K shows:
> Please read the FAQ.  Question 8.1 is directly applicable.
>
> The internet is full of people who will tell you "the true secret" to
> "creating the perfect key".  The reality is, unless you know exactly
> what changes you're making and why you need to make them, you will be
> far better served with the defaults.
>
> https://www.gnupg.org/faq/gnupg-faq.html
If I don't get this master/sub key thing figured out successfully soon,
I'll probably go back to defaults.
>> 4. Is it safe to refer to my public key/fingerprint information as I did
>> in the previous question with output from gpg?
> Yes.
>
Thanks,

Will


Re: some beginner questions

Doug Barton
In reply to this post by William Senn
Some answers below, and you've already received some good answers, but I
have some more fundamental questions. :)

First, and an important question for security-related stuff generally,
what is your threat model? In other words, what dangers are you guarding
against by using PGP? You mention evangelizing your key, and asking how
to get more people to use PGP with you. Those are reasonable questions,
but the first is the most important.

If you simply want a secure way to communicate with people that you know
without others being able to snoop on the conversation, there are other,
arguably better, and certainly easier, solutions. PGP has its use cases,
but unless we know why you want to use it, it's nearly impossible to
give you good advice.

More below.

On 04/01/2017 07:10 AM, Will Senn wrote:

> 3. I've read
> https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems
> and other such pieces proclaiming the value of having the master key in
> a safe place and having subkeys on your actual devices.

What do you think a master key is, and why do you think it's important
to protect it? What kind of devices do you want to put signing subkeys
on? Why do you think that your use of PGP will be more secure if you
have a signing subkey on a device, instead of your "main key?"

> 4. Is it safe to refer to my public key/fingerprint information as I did
> in the previous question with output from gpg?

In what way(s) do you think it could be unsafe?

Doug

Re: some beginner questions

Neal H. Walfield
At Sun, 2 Apr 2017 11:20:16 -0700,
Doug Barton wrote:

> On 04/01/2017 07:10 AM, Will Senn wrote:
> > 3. I've read
> > https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems
> > and other such pieces proclaiming the value of having the master key in
> > a safe place and having subkeys on your actual devices.
>
> What do you think a master key is, and why do you think it's important
> to protect it? What kind of devices do you want to put signing subkeys
> on? Why do you think that your use of PGP will be more secure if you
> have a signing subkey on a device, instead of your "main key?"

Your main key is a unique global identifier.  It is what you write on
your business card and what you compare to validate a key.  If it is
compromised, then you need to revoke your main key and generate a new
one.  This means you have to throw away your old business cards and
inform all of your contacts that you have a new key.  If a subkey is
compromised, then you only need to rotate the subkey, not the whole
key.  In other words, you don't have to throw away your business cards
or inform your contacts that something has changed: their OpenPGP
implementation will automatically learn about the changes the next
time your key is refreshed.

In short, the main key acts as a level of indirection, which separates
your identity from your encryption/signing keys.

Re: some beginner questions

William Senn
In reply to this post by Doug Barton

On 4/2/17 1:20 PM, Doug Barton wrote:
> Some answers below, and you've already received some good answers, but
> I have some more fundamental questions. :)
>
> First, and an important question for security-related stuff generally,
> what is your threat model? In other words, what dangers are you
> guarding against by using PGP? You mention evangelizing your key, and
> asking how to get more people to use PGP with you. Those are
> reasonable questions, but the first is the most important.
>
Doug, interesting term "threat model". I've seen it a few times and
wasn't sure what it meant. Thanks for the simplified explanation. It's a
piece of technical jargon that is part of the difficulty I saw with
learning the OpenPGP terrain. While security folks probably dig the
lingo, for the lay person, it's, well, interesting... I perceive my
threat model as being 1) a risk that someone other than my intended
recipient will gain access to information that I am sending to my
intended recipient  2) a risk that someone other than me will gain
access to information that I want only to be accessible to me. I
envision the solution, based on my understanding of available
(affordable) technologies as being 1) secure method of transmitting
information asynchronously over public media and 2) a method of
encrypting information on local storage media.

As you can see above, my threat model is neither comprehensive, nor is
it fully informed. But, it's pretty much the same story for a lot of
folks. I have learned over the past several weeks, that key management
is potentially a vulnerable point... I kind of suspected this, but after
hanging out in irc for a bit and tor, I'm kinda freaked out that it's a
more widespread problem than most folks realize - trojans are everywhere
:).

> If you simply want a secure way to communicate with people that you
> know without others being able to snoop on the conversation, there are
> other, arguably better, and certainly easier, solutions. PGP has its
> use cases, but unless we know why you want to use it, it's nearly
> impossible to give you good advice.
>
> More below.
>
> On 04/01/2017 07:10 AM, Will Senn wrote:
>
>> 3. I've read
>> https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems
>>
>> and other such pieces proclaiming the value of having the master key in
>> a safe place and having subkeys on your actual devices.
>
> What do you think a master key is, and why do you think it's important
> to protect it? What kind of devices do you want to put signing subkeys
> on? Why do you think that your use of PGP will be more secure if you
> have a signing subkey on a device, instead of your "main key?"
>
Neal pretty much spelled out a reasonable answer to these questions, but
I'm not having much luck signing with subkeys, so I'm not convinced this
is worth the headache and increased complexity of key management.

>> 4. Is it safe to refer to my public key/fingerprint information as I did
>> in the previous question with output from gpg?
>
> In what way(s) do you think it could be unsafe?
>
> Doug
>
After some thought and additional input, I don't think it is unsafe. But
I was curious if my slightly informed perspective would bear up to
additional scrutiny.

Thanks,

Will


Re: some beginner questions

William Senn
In reply to this post by Neal H. Walfield
On 4/2/17 2:00 PM, Neal H. Walfield wrote:

> At Sun, 2 Apr 2017 11:20:16 -0700,
> Doug Barton wrote:
>> On 04/01/2017 07:10 AM, Will Senn wrote:
>>> 3. I've read
>>> https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems
>>> and other such pieces proclaiming the value of having the master key in
>>> a safe place and having subkeys on your actual devices.
>> What do you think a master key is, and why do you think it's important
>> to protect it? What kind of devices do you want to put signing subkeys
>> on? Why do you think that your use of PGP will be more secure if you
>> have a signing subkey on a device, instead of your "main key?"
> Your main key is a unique global identifier.  It is what you write on
> your business card and what you compare to validate a key.  If it is
> compromised, then you need to revoke your main key and generate a new
> one.  This means you have to throw away your old business cards and
> inform all of your contacts that you have a new key.  If a subkey is
> compromised, then you only need to rotate the subkey, not the whole
> key.  In other words, you don't have to throw away your business cards
> or inform your contacts that something has changed: their OpenPGP
> implementation will automatically learn about the changes the next
> time your key is refreshed.
>
> In short, the main key acts as a level of indirection, which separates
> your identity from your encryption/signing keys.
Sounds like what I was led to believe to be the case, but at the end of
the day, I don't seem to be able to sign anything with the signing
subkey if the master key is not present (with sec instead of sec#). Do
you know how I get it to use the subkey (the manual says it will default
to a signing subkey, but that's not my experience).

Thanks,
Will


Re: some beginner questions

Doug Barton
In reply to this post by William Senn
On 2017-04-02 16:18, Will Senn wrote:

> On 4/2/17 1:20 PM, Doug Barton wrote:
>> Some answers below, and you've already received some good answers, but
>> I have some more fundamental questions. :)
>>
>> First, and an important question for security-related stuff generally,
>> what is your threat model? In other words, what dangers are you
>> guarding against by using PGP? You mention evangelizing your key, and
>> asking how to get more people to use PGP with you. Those are
>> reasonable questions, but the first is the most important.
>>
> Doug, interesting term "threat model". I've seen it a few times and
> wasn't sure what it meant. Thanks for the simplified explanation. It's a
> piece of technical jargon that is part of the difficulty I saw with
> learning the OpenPGP terrain. While security folks probably dig the
> lingo, for the lay person, it's, well, interesting... I perceive my
> threat model as being 1) a risk that someone other than my intended
> recipient will gain access to information that I am sending to my
> intended recipient

Ok, for that scenario you probably don't want PGP. You probably want an
application like Signal. When PGP was invented there was nothing else
like it available. Nowadays that's not true. If you are interested
strictly in one-to-one communication, or one-to-many, Signal is a better
choice in the sense that it's much easier to use, much harder to get
wrong, and easier to get friends to opt into.

>  2) a risk that someone other than me will gain
> access to information that I want only to be accessible to me.

For that you DO want PGP, and a key can be useful, but is not necessary.
Symmetric encryption will work just as well for this use case, and is
simpler.

> I envision the solution, based on my understanding of available
> (affordable) technologies as being 1) secure method of transmitting
> information asynchronously over public media and 2) a method of
> encrypting information on local storage media.

Yep, that's about right.

> As you can see above, my threat model is neither comprehensive, nor is
> it fully informed. But, it's pretty much the same story for a lot of
> folks. I have learned over the past several weeks, that key management
> is potentially a vulnerable point... I kind of suspected this, but after
> hanging out in irc for a bit and tor, I'm kinda freaked out that it's a
> more widespread problem than most folks realize - trojans are everywhere
> :).

Yes. Key management takes dedication, and knowledge. It's easy to get
wrong, and not easy to get right. Using a purpose-built app like Signal
avoids that problem.

>> On 04/01/2017 07:10 AM, Will Senn wrote:
>>
>>> 3. I've read
>>> https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems
>>>
>>> and other such pieces proclaiming the value of having the master key in
>>> a safe place and having subkeys on your actual devices.
>>
>> What do you think a master key is, and why do you think it's important
>> to protect it? What kind of devices do you want to put signing subkeys
>> on? Why do you think that your use of PGP will be more secure if you
>> have a signing subkey on a device, instead of your "main key?"
>>
> Neal pretty much spelled out a reasonable answer to these questions,

He didn't, actually. He parroted some text about them, which is more or
less correct. Also, you didn't answer my questions. :)  But I'll play
along for fun ...

> but
> I'm not having much luck signing with subkeys, so I'm not convinced this
> is worth the headache and increased complexity of key management.

It's not really that hard to do, what kind of problems are you having?
The instructions at https://wiki.debian.org/Subkeys are better, as is
the explanation. It would also be helpful to know what version of GnuPG
you're using.

I followed the instructions there and was able to successfully load the
exported key into roundcube (which I'm sending this message from to
verify that it works for others besides me) and K-9 Mail for Android
(through OpenKeychain).  I also tried moving my gnupg directory aside
and importing the exported signing-only subkey with the expected
results.

However, that still doesn't address the "issues" with this approach. It
only works for signing, if you want to be able to decrypt messages sent
to you on your devices then you need to keep a copy of your encryption
subkey on them as well. Personally, I would argue that is a much bigger
risk in terms of compromise, as people being able to send messages
signed by my key would be an annoyance, sure. But people being able to
decrypt things that I wanted to keep secret could be potentially
devastating.

That said, as long as you have a suitable passphrase your risk of key
compromise is really, really minimal, even if they did get total control
over your device. Barring coercion, the chances of someone guessing your
passphrase are near zero. And currently that's the only way to gain
access to a secret key, even if you have it in your possession.

But let's say that the worst happens, and your device is compromised by
the bad folks, and they gain control of your key as well. Let's even use
a signing-only subkey for this scenario. Now, your attackers have access
to your full list of contacts, and your e-mail (so that they can get a
solid idea of how you write). Then they send the following message to
everyone in your contact list (assume for the sake of argument that the
following is written in something close enough to your personal style to
pass with your friends and family, etc.):

Woah, dude, major bummer! My phone got stolen! Totally bogus! Not only
that, but my PGP key was on it, and now they have that too! Sucks, man!
So here is my new key fingerprint. Please download it ASAP, revoke your
signatures on my old key, and mark it as bogus! And definitely, if you
get another message from me signed by this key, DON'T TRUST IT! That'll
be the hackers, man!

Of course, the new key that they send the fingerprint for will be one
that they have created, with all the same UID information, etc. Now this
won't fool everyone of course, there will be some of your correspondents
who will want to verify with you, some who won't act because they don't
know what you're talking about, etc. But the usual stated goal of using
a separate signing-only key is to protect the reputation of your
certification key, and to avoid having to create a whole new key in
response to a compromise. My argument is that in the unlikely event that
the bad folks get control of your secret key (of any flavor) there is
more than enough damage that they can do with it, even if they don't get
your certification key.

Now beyond THAT, you stated that your goal is to be able to ENCRYPT your
communications on your devices, and presumably that means to decrypt as
well. You can ENcrypt using just the recipient's public key of course.
But you can't DEcrypt unless you have your own encryption subkey on the
device. See above for why that's a much more significant risk (IMO). In
light of that requirement, a sign-only subkey doesn't get you much, and
given that with a good passphrase it's essentially impossible for them
to compromise your key, even if they do get it, you're adding complexity
for little, if any, benefit.

I could go on, but I'll let you respond first in case I've already said
enough. :)

hope this helps,

Doug

Re: some beginner questions

Neal H. Walfield
In reply to this post by William Senn
Hi,

At Sun, 2 Apr 2017 18:23:14 -0500,
Will Senn wrote:
> but at the end of
> the day, I don't seem to be able to sign anything with the signing
> subkey if the master key is not present (with sec instead of sec#). Do
> you know how I get it to use the subkey (the manual says it will default
> to a signing subkey, but that's not my experience).

It would be good if you could show us what you are doing.
Specifically, what your key looks like (gpg -k KEYID), and the
commands you are using to sign a message, and the actual output.
Also, it might be helpful for us to know the version of gpg and
what OS you are using.

:) Neal

Re: some beginner questions

Peter Lebbing
In reply to this post by Doug Barton
On 03/04/17 08:25, Doug Barton wrote:
> That said, as long as you have a suitable passphrase your risk of key
> compromise is really, really minimal, even if they did get total control
> over your device. Barring coercion, the chances of someone guessing your
> passphrase are near zero. And currently that's the only way to gain
> access to a secret key, even if you have it in your possession.

I might misunderstand what you mean. But when somebody has full access
to your device, they can simply log your keystrokes when you type the
passphrase, and get your passphrase that way. Key compromise is very
well possible without you knowingly handing over the passphrase.

More generally, it is impossible to use GnuPG in a meaningful way on a
compromised device. I think this generally goes for pretty much all
cryptography. Different solutions limit compromise in different ways,
but to actually keep on using cryptography problem-free, I don't think
that will work.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


Re: some beginner questions

Peter Lebbing
In reply to this post by Neal H. Walfield
On 02/04/17 21:00, Neal H. Walfield wrote:
> In short, the main key acts as a level of indirection, which separates
> your identity from your encryption/signing keys.

I'd like to extend this short description a bit :-). There is one
important somewhat-caveat, which is that you can't delegate the Certify
capability to a subkey. This means you always need to use the primary
key to sign other OpenPGP *keys*. Signing data can be delegated to a subkey.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



Re: some beginner questions

Doug Barton
In reply to this post by Peter Lebbing
On 04/03/2017 04:16 AM, Peter Lebbing wrote:
> On 03/04/17 08:25, Doug Barton wrote:
>> That said, as long as you have a suitable passphrase your risk of key
>> compromise is really, really minimal, even if they did get total control
>> over your device. Barring coercion, the chances of someone guessing your
>> passphrase is near zero. And currently that's the only way to gain
>> access to a secret key, even if you have it in your possession.
>
> I might misunderstand what you mean.

Yes, you did. :)

> But when somebody has full access
> to your device, they can simply log your keystrokes when you type the
> passphrase, and get your passphrase that way. Key compromise is very
> well possible without you knowingly handing over the passphrase.

You are correct, but that's a different threat model than someone simply
stealing the device (which is what I wrote about). What you're
describing implies a level of sophistication and coordination on the
attacker's part that few of us are subject to, and certainly wasn't
included in what Will said he was trying to guard against.

> More generally, it is impossible to use GnuPG in a meaningful way on a
> compromised device.

Well, yeah, but, again, not relevant to my post. :)

Doug



Re: some beginner questions

Doug Barton
In reply to this post by Peter Lebbing
On 04/03/2017 04:20 AM, Peter Lebbing wrote:
> On 02/04/17 21:00, Neal H. Walfield wrote:
>> In short, the main key acts as a level of indirection, which separates
>> your identity from your encryption/signing keys.
>
> I'd like to extend this short description a bit :-). There is one
> important somewhat-caveat, which is that you can't delegate the Certify
> capability to a subkey. This means you always need to use the primary
> key to sign other OpenPGP *keys*.

We really need to stop referring to this as signing. The number of ways
that the same term is used to mean different things in PGP is a huge
contributor to the confusion on the part of new users.

Doug



That which we call a rose

Peter Lebbing
On 03/04/17 15:30, Doug Barton wrote:
> We really need to stop referring to this as signing.

I agree. But it might be too late.

I used it as a means of explaining what I meant with "Certify
capability". Next time I'll somehow work into my formulation that this
should be called certification, not signing.

Similar issues:
certificate vs (public) key
ownertrust, trust and validity

I'm inclined to give up on the latter now we have TOFU. Your speech
would become truly idiosyncratic if you were to introduce Validity On
First Use in it...

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



Re: some beginner questions

William Senn
In reply to this post by Doug Barton

On 4/3/17 1:25 AM, Doug Barton wrote:

>
> > but
> > I'm not having much luck signing with subkeys, so I'm not convinced this
> > is worth the headache and increased complexity of key management.
>
> It's not really that hard to do, what kind of problems are you having?
> The instructions at https://wiki.debian.org/Subkeys are better, as is
> the explanation. It would also be helpful to know what version of GnuPG
> you're using.
>
> I followed the instructions there and was able to successfully load the
> exported key into roundcube (which I'm sending this message from to
> verify that it works for others besides me) and K-9 Mail for Android
> (through OpenKeychain).  I also tried moving my gnupg directory aside
> and importing the exported signing-only subkey with the expected
> results.
>
> However, that still doesn't address the "issues" with this approach. It
> only works for signing, if you want to be able to decrypt messages sent
> to you on your devices then you need to keep a copy of your encryption
> subkey on them as well. Personally, I would argue that is a much bigger
> risk in terms of compromise, as people being able to send messages
> signed by my key would be an annoyance, sure. But people being able to
> decrypt things that I wanted to keep secret could be potentially
> devastating.
>
> That said, as long as you have a suitable passphrase your risk of key
> compromise is really, really minimal, even if they did get total control
> over your device. Barring coercion, the chances of someone guessing your
> passphrase is near zero. And currently that's the only way to gain
> access to a secret key, even if you have it in your possession.
>
> But let's say that the worst happens, and your device is compromised by
> the bad folks, and they gain control of your key as well. Let's even use
> a signing-only subkey for this scenario. Now, your attackers have access
> to your full list of contacts, and your e-mail (so that they can get a
> solid idea of how you write). Then they send the following message to
> everyone in your contact list (assume for the sake of argument that the
> following is written in something close enough to your personal style to
> pass with your friends and family, etc.):
>
> Woah, dude, major bummer! My phone got stolen! Totally bogus! Not only
> that, but my PGP key was on it, and now they have that too! Sucks, man!
> So here is my new key fingerprint. Please download it ASAP, revoke your
> signatures on my old key, and mark it as bogus! And definitely, if you
> get another message from me signed by this key, DON'T TRUST IT! That'll
> be the hackers, man!
>
> Of course, the new key that they send the fingerprint for will be one
> that they have created, with all the same UID information, etc. Now this
> won't fool everyone of course, there will be some of your correspondents
> who will want to verify with you, some who won't act because they don't
> know what you're talking about, etc. But the usual stated goal of using
> a separate signing-only key is to protect the reputation of your
> certification key, and to avoid having to create a whole new key in
> response to a compromise. My argument is that in the unlikely event that
> the bad folks get control of your secret key (of any flavor) there is
> more than enough damage that they can do with it, even if they don't get
> your certification key.
>
> Now beyond THAT, you stated that your goal is to be able to ENCRYPT your
> communications on your devices, and presumably that means to decrypt as
> well. You can ENcrypt using just the recipient's public key of course.
> But you can't DEcrypt unless you have your own encryption subkey on the
> device. See above for why that's a much more significant risk (IMO). In
> light of that requirement, a sign-only subkey doesn't get you much, and
> given that with a good passphrase it's essentially impossible for them
> to compromise your key, even if they do get it, you're adding complexity
> for little, if any, benefit.
>
> I could go on, but I'll let you respond first in case I've already said
> enough. :)
>
Actually, I appreciate all of the detail. I will start off with a simple
keypair that I am careful with. Based on my current understanding, if my
passphrase is known only to me, is sufficiently long and unique, if I
keep my secret key reasonably secure, and keep it local to my own
devices, I should be reasonably safe from exploit against all but the
most determined folks.



Re: some beginner questions

Faramir-2
In reply to this post by William Senn
On 02-04-2017 at 20:23, Will Senn wrote:
...
>> In short, the main key acts as a level of indirection, which
>> separates your identity from your encryption/signing keys.
> Sounds like what I was led to believe to be the case, but at the
> end of the day, I don't seem to be able to sign anything with the
> signing subkey if the master key is not present (with sec instead
> of sec#). Do you know how I get it to use the subkey (the manual
> says it will default to a signing subkey, but that's not my
> experience).

  I keep my whole key (main and subkeys) in an encrypted container,
and use only the subkeys on a daily basis (one signing and one for
encryption). The idea was that I could carry gpg on a pendrive and if
the pendrive is lost, I could revoke the subkeys, and don't lose the
signatures on the main key. It worked on gpg 1.4.x and it works for me
on GPG4Win, the only things I can't sign are other keys (unless I
mount my whole key).

  Now, if my computer gets infected by a key-stealing virus and I
don't notice it before mounting my whole key, I'm toasted anyway. But
at least I have a chance to get a warning, and I also can read my
encrypted emails on my laptop without worrying about the keys in case
I lose the laptop.

   Best Regards

P.S: about orphan keys, I've set my keys to expire in 2 years, so if I
lose the private keys, they won't haunt me forever. I just need to
remember to change the expiration date from time to time.


Re: some beginner questions

Faramir-2
In reply to this post by William Senn
On 03-04-2017 at 20:04, Will Senn wrote:
...
> Actually, I appreciate all of the detail. I will start off with a
> simple keypair that I am careful with. Based on my current
> understanding, if my passphrase is known only to me, is
> sufficiently long and unique, if I keep my secret key reasonably
> secure, and keep it local to my own devices, I should be reasonably
> safe from exploit against all but the most determined folks.

  You may also want to set an expiration date for your keys (in case
you lose the private keys and revocation certs... let's say they were
on the same hdd and it crashed), which can be edited later (only
problem is your correspondents will need to get an updated copy of
your public key to still be able to use your key). You can also export
your keys using paperkey utility, that way you can print them in an
easy to type (maybe even easy to OCR) way and store the printed
version in a safe place. I don't really care that much about my
signing key, but if my hdd crashes and I need to use my remotely
stored backups... I'll need my encryption key to open them.

 Best Regards
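
Several points made in this thread (the Certify capability stays with the primary key, daily-use devices hold only subkeys, and expiry dates keep lost keys from lingering) can be checked on a given machine from GnuPG's machine-readable listing. The script below is an added example, not part of any poster's message; it assumes the colon format printed by GnuPG 2.1 or later for `gpg --list-secret-keys --with-colons`, and the sample listing and key IDs in it are constructed.

```python
import sys, time

# Constructed sample of `gpg --list-secret-keys --with-colons`; key IDs are made up.
# It mirrors a "sec#" keyring: the primary is only a stub, two subkeys are local.
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1489190400:::u:::scESC:::#:::23::0:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1490832000:1553904000:::::s:::+:::23:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1490832000:1553904000:::::e:::+:::23:
"""

def parse_secret_keys(colons):
    """Return one dict per sec/ssb record of a --with-colons listing."""
    keys = []
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb") or len(f) < 15:
            continue
        keys.append({
            "keyid": f[4],
            "revoked": f[1] == "r",
            # Field 7: expiry in seconds since the epoch, empty if the key never expires.
            "expires": int(f[6]) if f[6].isdigit() else None,
            # Field 12: lowercase letters are this key's own capabilities (s, e, c, a);
            # uppercase letters on the primary summarise the whole key and are skipped.
            "caps": {c for c in f[11] if c.islower()},
            # Field 15: '#' marks a stub, i.e. the secret part is not on this machine.
            "secret_here": f[14] != "#",
        })
    return keys

def usable_capabilities(keys, now):
    """Capabilities this keyring can exercise at Unix time `now`."""
    usable = set()
    for k in keys:
        expired = k["expires"] is not None and k["expires"] <= now
        if k["secret_here"] and not k["revoked"] and not expired:
            usable |= k["caps"]
    return usable

def expiring_within(keys, now, days):
    """Key IDs whose expiry falls within the next `days` days."""
    limit = now + days * 86400
    return [k["keyid"] for k in keys
            if k["expires"] is not None and now < k["expires"] <= limit]

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    keys, now = parse_secret_keys(text), int(time.time())
    print("usable here:", sorted(usable_capabilities(keys, now)))
    print("expiring within 60 days:", expiring_within(keys, now, 60))
```

Piping a real listing into the script on stdin replaces the sample. If `c` is missing from the usable set, this machine can sign and decrypt but cannot certify other keys.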


Re: That which we call a rose

Doug Barton
In reply to this post by Peter Lebbing
On 04/03/2017 06:57 AM, Peter Lebbing wrote:
> On 03/04/17 15:30, Doug Barton wrote:
>> We really need to stop referring to this as signing.
>
> I agree. But it might be too late.

It's never too late. Better is better. If we'd started being more
rigorous years ago, TOFU never would have happened.

Doug

