Ideas for private key management interface

Joachim Breitner mail at joachim-breitner.de
Tue Aug 17 14:08:56 CEST 2004


Hi List,

it has become more and more common to have "complicated" setups with
regard to private keys and their subkeys. For example, it is reasonable
to have the primary key exported to a usb stick (and only there), the
encryption subkey is printed out for backup reasons and then moved to
the GnuPG smartcard and the signature subkey is created on the GnuPG
smartcard. Currently, creating this kind of setup is not as easy as it
could be, so I thought about how the interface could be unified. This is
not thought all the way through and meant as a request for discussion.

* Idea of several private keyrings.
For example, I might have keys or subkeys with low security requirements
in ~/.gnupg/secring.gpg. More important keys are on my usb stick which
might or might not be mounted at /mnt/usb, and some subkeys are on my
gnupg card. So, I'd like to have options like that:
  --secret-keyring: specifies secret keyrings that have to be there
  --optional-secret-keyring: same, but don't complain if it is not there
  plus some option for accessing the smart card
GnuPG should then have a look in all of the current available secret
keyrings and "merge" all the subkeys in there, i.e., the user should be
able to spread his primary and subkeys all over the different keyrings
and gnupg just uses what it needs.

* A proper interface for managing primary/subkeys
In the interface of --edit-keys, I should see on what ring(s) the
different subkeys are currently stored. When I then select a subkey (or
the primary key), I should have a command (maybe "locations") where I
can check or uncheck the different places the key should be. This way I
can move, copy or delete single primary or subkeys. When creating a
subkey, I want to be asked in what keyring it should be created, so I
can create a key on the smartcard, using the same interface.

A use case:
I start with my current key, which is well signed, and I don't want to
loose these signatures. Then I put my smartcard options as well as 
"optional-secret-keyring /mnt/usb/top-secret.gpg" in my options file. I
touch this file, so that gnupg uses it (otherwise, it might be ignored
as "optional"). I run gnupg --edit-secret-keys 0xMYKEYID. GnuPG tells me
about the subkeys I have and where they are located (all in my normal
keyring, of course).
Selecting the primary key with "key 0" or something, and running
"locate" and selecting the usb-keyring, and unselecting the normal
keyring, I move the primary key to the usb stick. I do the same with the
"old" DSA encryption&signature key.
I create a RSA encryption key in usb keyring (where I need it for backup
reasons), and then copy it to the smartcard using "key 2" and "locate"
or something.
I create a RSA signature key on the smartcard. Of course, I can't move
that key anywhere else, but I don't want to anyways.
The public keys are stored just as ususal, of course.


What do you think? I hope this is not over-engineered, and it might
already be obsolete by other ideas.

Thanks for your attention

Joachim

-- 
Joachim "nomeata" Breitner
  mail: mail at joachim-breitner.de | ICQ# 74513189 | GPG-Key: 4743206C
  JID: joachimbreitner at amessage.de | http://www.joachim-breitner.de/
  Debian Developer: nomeata at debian.org
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /pipermail/attachments/20040817/d62492e2/attachment.bin


More information about the Gnupg-devel mailing list