trusted keyring storage

Werner Koch
Fri, 17 Sep 1999 09:32:50 +0200

Jim B <> writes:

> Now I'm running Linux and looking for a decent mechanism to store my keys,
The only keys you have to be concerned about are the secret keys in ~/.gnupg/secring.gpg.
> mount it only when necessary, but I'm wondering how much trust I would be
> able to put into the usual filesystem security (i.e., permissions) to
Permissions work (and GnuPG always fixes the permissions of the secring to be 600 so that only the user can read/write them). However with a bad password or a system which allows for remote root access (most systems do as there are always some bugs - the most current ones are the ProFTP bufer overflows - really bad). So you better don't allow any remove services - except for ssh - on your machine. But everone wnats FTP and such stuff. No real solution for a networked box.
> little weary of putting keyrings on any networked machine. I guess my real
> question is, "Am I being too paranoid?" :)
It depends on how much security you need. Use a GOOD passphrase for your secret keys and use tripwire to check your system for modifications. This makes the life of an attacker much harder and he has to spend a long time doing a dictionary attack on your stolen secret keyring. Some solutions to overcome these problems are : 1. A hardware device to handle all sensitive crypto stuff (i.e storing the secret key and performing all the actions where a secret key is involved. This one has to be enbaled only with direct physical access (a keyboard for entering the passphrase) 2. Store a part of the secret key on a small device which you can carry around. 3. Use symmetric crypto for important messages, find a way to exchange the keys on a non-electronic way and chnage them often. This has the advantage that a stolen key can only be used to decrypt the the messages encrypted with this key. On contrast a stolen secret key (and cracked passphrase) enables the attacker to decrypt all messages you have ever encrypted using that key. 4. To protect your investment in key signatures, don't put them onto your normal key but on a "high security" key which you only use for certifiying other keys. I do exactly this: I have this secret key not online but on a floppy stored on a more or less secure place. When I am going to sign keys, I copy them onto my laptop, unplug the laptop from the network, hope that there is no trojan installed on it, import the key to sign, insert and mount the floppy with the secret key, do a "gpg --secret-keyring /floppy/secring-gpg --edit foo", sign the key, umount /floppy, get the network back, transfer the key to the desktop box, unplug the laptop and send the signed keys to their holders. Ah yes, and I signed my regular key with the "high security" key and hope that everyone trusts me enough to set the trust parameterof my regular key to full. The last point will probably be fixed by automatically transferring the validity of a key to a key which has some special properties (maybe it is sufficient to use a revication key for this - I have to think about this) My 2 cents on this problem. [did you notice, that we Europeans can now use the same phrase as the Americans (for the UK: s/cents/pence/ :-)] Werner -- Werner Koch at keyid 621CC013