gpg --list-sigs (root for other users)

Neil Williams linux at codehelp.co.uk
Sun Mar 7 08:14:54 CET 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 06 March 2004 11:29, Albert wrote:
> On Wednesday, 3 March 2004 17:13, Neil Williams wrote:
> > On Tuesday 02 March 2004 4:14 pm, Albert wrote:
> > > How can root list or export the keys of 1 or better all user(s)
> > > on a machine without su?
> >
> > Why would you want to?
>
> For backups of a few people who don't care about security. It is not

?? If they don't care about security, why are they using a security product ??

> a question if they should trust me, they do and they asked me to do
> this!

Anyone using a secret key in this environment deserves never to have their key 
trusted! Looks like I need to add another question to my keysigning protocol. 

"Have you ever stored your secret key on any installation or media to which 
you did not (at all times) have sole access as root?"

I'd never sign a key where the owner is so casual about security. How can I 
trust the signature - it could be you or it could be the user. How can I 
encrypt to the key if the secret key is accessible to you and the owner?

> > A worthy reminder that no-one should keep a secret key on ANY box
> > where the owner of that secret key does not have root permissions
> > on the box.
>
> ACK. But is there a solution to send a signature from a foreign
> machine? Let's say you have to use an internet cafe and you have
> your keys on an usb-stick. IMO it is better to send the email
> unsigned or unencrypted than to use the secret keys on a foreign
> machine.

There are ways, yes. Keep the secring.gpg on a USB stick etc. and when the 
user wants to sign something, use --homedir to access the secret keyring on 
the removable media. If you don't keep the public keyring there, you can make 
the media read-only for better security.  If it is read-write, a simple bash 
script can update the public keyring on the workstation with keyids from the 
removable media. 

This one-liner produces a list of keyids in one public keyring:
gpg --list-keys --with-colons | grep '^pub:' | cut -d: -f5
# '^pub:' matches every primary-key record; the validity field (f2) is not
# filtered, so keys marked u/f/m are listed as well as those marked '-'.

Then pass the output to gpg --recv-keys on the other machine to create a sync.

I just needed to do this once, so I used a Perl script to parse the content 
one-line at a time and give the gpg --recv-keys command. I'm sure someone 
here can come up with a more efficient method. (Perhaps replace \n with a 
space and tack the whole construct onto one gpg --recv-keys command?)

This way, you can still sign in a public environment without compromising your 
secret key but ONLY because your secret key never gets stored on the public 
machine.
http://www.gnupg.org/gph/en/manual.html#AEN513

The security of the removable media then becomes imperative. (i.e. do NOT keep 
the revocation certificate on the same removable media!!)

IMHO, any secret keys that are accessible to more than the sole verifiable 
owner of the key MUST be revoked as hopelessly compromised. Anyone not 
willing to keep their secret key SECRET (i.e. only available to the sole 
verifiable owner) should never have their key signed and must be strongly 
advised to change their ways or risk having their key revoked by force. (With 
the secring.gpg file in your hands, a simple dictionary attack could undo 
many passphrases on the assumption that those who care this little for secret 
key security aren't going to have chosen a decent passphrase either.)

- -- 

Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/

http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAStoCiAEJSii8s+MRAlODAKCESI2eSy3TqcdJxJR9Q6WT0BDNwgCgiThs
kjC9TriCce6h58nCmx7DfV4=
=HOLs
-----END PGP SIGNATURE-----
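An added example of the removable-media workflow described in the message above; it is not code from the post or from GnuPG. It extracts keyids from `--with-colons` output, builds the single `gpg --recv-keys` command the post suggests, and signs with `--homedir` pointed at the stick so the secret keyring never lands on the host. The mount point `/media/usb/gnupg` and the colon-format records are assumptions constructed for the example. The flags are those of GnuPG 1.x as in the post; on GnuPG 2.1 and later the medium has to carry `private-keys-v1.d` (and `--homedir` still selects it) because `secring.gpg` is no longer used.

```shell
#!/bin/sh
# Added example, not from the original post or from GnuPG itself.
# The secret key lives on removable media (USB_HOME, a hypothetical path);
# the workstation's ~/.gnupg/pubring.gpg stays the only writable public ring.
set -eu

USB_HOME="${USB_HOME:-/media/usb/gnupg}"   # assumed mount point of the stick

# Constructed sample of `gpg --list-keys --with-colons` output, embedded so
# the parsing below runs without gpg installed.  pub record fields:
#   1=type 2=validity 3=bits 4=algo 5=keyid 6=created 7=expires ...
SAMPLE_COLONS='tru::1:1078650000:0:3:1:5
pub:u:1024:17:0000000000000001:2004-01-01::-:Alice Example <alice@example.invalid>:
sub:u:2048:16:000000000000000A:2004-01-01::::
pub:-:1024:17:0000000000000002:2004-02-02::-:Bob Example <bob@example.invalid>:
uid:-::::2004-02-02::X::Bob Example (old uid) <bob@old.invalid>:
pub:f:1024:17:0000000000000003:2004-03-03::-:Carol Example <carol@example.invalid>:'

# One keyid per line for every pub record on stdin.  Anchoring on "^pub:"
# keeps keys with validity u/f/m as well as '-'; a pattern of "pub:-:" would
# silently drop your own (ultimately trusted) key and fully valid ones.
keyids_from_colons() {
    grep '^pub:' | cut -d: -f5
}

# Collapse stdin lines into one space-separated list so a single
# `gpg --recv-keys` fetches everything (the "replace \n with a space" idea).
join_ids() {
    tr '\n' ' ' | sed 's/ *$//'
}

# Dry run: print the sync command for the colon output on stdin.  Returns 1
# when the keyring holds no primary keys, so callers do not run a bare
# `gpg --recv-keys` with no arguments.
build_recv_command() {
    ids=$(keyids_from_colons | join_ids)
    [ -n "$ids" ] || return 1
    printf 'gpg --recv-keys %s\n' "$ids"
}

# Real sync: read the stick's public keyring and fetch those keys into the
# workstation keyring (requires gpg and network access to a keyserver).
sync_workstation_keyring() {
    ids=$(gpg --homedir "$USB_HOME" --list-keys --with-colons | keyids_from_colons | join_ids)
    [ -n "$ids" ] || return 0
    # shellcheck disable=SC2086  # splitting $ids into separate keyids is intended
    gpg --recv-keys $ids
}

# Sign a file with the secret key on the stick.  The workstation's pubring
# supplies public keys the stick does not carry; --lock-never and
# --no-auto-check-trustdb keep gpg from trying to write to read-only media.
sign_from_usb() {
    gpg --homedir "$USB_HOME" \
        --keyring "$HOME/.gnupg/pubring.gpg" \
        --lock-never --no-auto-check-trustdb \
        --clearsign "$1"
}

# Usage (hypothetical):  . ./usbkeys.sh; sync_workstation_keyring; sign_from_usb mail.txt
```

Keep the revocation certificate off the stick, as the post says; a script like this makes the medium the single point of compromise, so losing it must not also hand over the means to revoke (or to avoid revoking) the key.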
