offline primary keys

Werner Koch wk at
Wed Sep 24 09:20:14 CEST 2014

On Tue, 23 Sep 2014 23:51, dkg at said:

> functional and easy software path to use it would certainly increase the
> likelihood of uptake.  There is a bit of a chicken and egg problem here.

Changing this in GnuPG is really easy, as would a change to 8k RSA keys
be.  But I do not think that this is a good idea.  And frankly we have
other areas which need more love than some (now) geeky features.  There
are already way too many features and I should have spent that time on
usability things.

> fwiw, there is security to be gained just from moving the master key to
> a USB stick without any screen or keyboard -- just having the key be
> inaccessible when the USB stick is unplugged defends against one whole

You assume that the machine is clean and not compromised.  Well, then
you can just keep the key on the disk.  After all it is passphrase
protected and thus not useful unless the machine is compromised.

> Stepping up from there, using a GnuK or a Neo OpenPGP device without any
> physical UI makes the key itself inaccessible even when online, and
> reduces attackers to just making requests but not stealing the key itself.

I fully agree and UX improvements should take this into account.  For
example if a card reader is detected a GUI based key generation dialog
may ask whether the key shall be put on a card.  That would make support
for those tokens more visible.

> an upgraded GnuK or Neo with a single LED lamp (for "i have been asked
> to make a signature") and a single button (for "ok, make the signature")
> is still more of an improvement.

Good suggestion.

> As for Ximin's goals: I think the transition process could look like this:
>  0) add a signing-capable subkey
>  1) remove signing-capability from primary key
>  2) move primary key offline

IMHO this is worthless.  If this went mainstream, malware would
adjust for this scenario immediately.  You need to create the high-value
primary key on a dedicated offline device.



Thoughts are free.  Exceptions are regulated by a federal law.
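The three-step transition quoted above and the objection to it both come down to where the primary key's secret material is created and kept.  As an added example that is not part of this thread, the following shell script takes the approach the reply argues for: the certification-only primary key is generated in a separate keyring (standing in for a dedicated offline device) and the online keyring receives nothing but the secret subkeys, after which the primary shows up there only as a stub.  It assumes GnuPG 2.1 or later, since it relies on --quick-gen-key, --quick-add-key and the "#" stub marker in the colon listing; the user ID, message and directories are constructed for the demo.

```sh
#!/bin/sh
# Added example (not from the thread): keep the certify-only primary key in its
# own keyring, standing in for a dedicated offline machine, and hand the online
# keyring only the secret subkeys. Assumes GnuPG >= 2.1 (gpg with --quick-gen-key).
# The user ID and directories below are constructed for the demo.
set -eu

# Generate a certify-only primary plus a signing subkey inside the given GNUPGHOME
# and print the primary fingerprint. The empty passphrase exists only so this runs
# unattended; a real offline primary key is passphrase-protected.
create_offline_primary() {
    home=$1
    GNUPGHOME=$home gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' \
        --quick-gen-key 'Example User <user@example.invalid>' ed25519 cert 0 2>/dev/null
    fpr=$(GNUPGHOME=$home gpg --batch --with-colons --list-secret-keys 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10; exit }')
    GNUPGHOME=$home gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' \
        --quick-add-key "$fpr" ed25519 sign 0 2>/dev/null
    echo "$fpr"
}

# Export only the secret subkeys from the offline keyring and import them into the
# online one. The primary arrives as a stub: enough to bind the subkeys, useless for
# certifying other keys or adding new subkeys.
transfer_subkeys() {
    offline=$1; online=$2; fpr=$3
    GNUPGHOME=$offline gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --export-secret-subkeys "$fpr" 2>/dev/null > "$online/subkeys.gpg"
    GNUPGHOME=$online gpg --batch --quiet --import "$online/subkeys.gpg" 2>/dev/null
}

# Succeeds when the sec record of the colon listing carries "#" in field 15, which
# gpg uses to mark a secret primary key that is present only as a stub (offline).
primary_is_offline() {
    GNUPGHOME=$1 gpg --batch --with-colons --list-secret-keys 2>/dev/null \
        | awk -F: '$1 == "sec" && $15 == "#" { found = 1 } END { exit found ? 0 : 1 }'
}

# Sign and verify a constructed message on the online side: the signing subkey works
# there even though the primary secret key never left the offline keyring.
sign_roundtrip() {
    online=$1
    printf 'constructed message\n' > "$online/msg.txt"
    GNUPGHOME=$online gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' \
        --detach-sign --output "$online/msg.sig" "$online/msg.txt" 2>/dev/null
    GNUPGHOME=$online gpg --batch --quiet --verify "$online/msg.sig" "$online/msg.txt" 2>/dev/null
}

# Run the whole flow in throwaway directories; returns 0 when the online keyring can
# sign but holds only a stub of the primary key.
demo() {
    offline=$(mktemp -d); online=$(mktemp -d)
    chmod 700 "$offline" "$online"
    fpr=$(create_offline_primary "$offline")
    transfer_subkeys "$offline" "$online" "$fpr"
    sign_roundtrip "$online"
    primary_is_offline "$online"
}
```

Run it with `demo && echo "primary offline, subkeys online"`.  The check in primary_is_offline is the same thing the human-readable listing shows as "sec#" instead of "sec": that marker is what tells you, on the online machine, that a compromise there yields at most the subkeys and the primary can still revoke and replace them from the offline device.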
