PGP and Smartcards?

Zeljko Vrba zvrba at globalnet.hr
Mon Jul 25 16:26:49 CEST 2005


Felix E. Klee wrote:
>
> Huh? AFAICS, in general it is more important to have the subkeys on a
> smart card than the master key.  After all the master key can be stored
 >
But then you cannot commit a mortal sin of using GPG remotely ;)

Seriously, I think you have a very strong point in case of keeping the
subkeys on the smart card (btw, this will be possible too with the
PKCS#11 patch).

I carefully chose my passwords so that they have ~50 bits of entropy,
using my own utility for the purpose, of course :)
http://freshmeat.net/projects/secpwgen/

This key length won't stop NSA but will stop 95% of attackers. For the
other 5% I do not worry because I'm not dealing with highly-sensitive
data. This is a conscious trade-off security vs. comfort on my side.

Having your frequently used keys on the smart-card.. has some disadvantages:
- you can't use it remotely (yes, I know, it's bad for security, but I'm
comfortable with it since I've defined my threat model)
- maybe you'll want to access your mail from some computer on which
you're not allowed to install the smart-card reader and its drivers
(although it is questionable whether you SHOULD decrypt something on the
computer you're not in charge of)

I have been employed at a real-world PKI deployment - a national CA in
fact. And esp. the 2nd point was one of the major complaints from the
users about smart-cards. Another frequent problem was locked smart-card.

With smart-card it is much easier to perform the denial-of-service on
you than with file-based keys. Say you go on a business trip.. someone
steals your smart-card and you can't do business. Or even worse,
irreversibly locks both PINs so that the card is effectivly unusable.

So, personally, I'd rather have one long-lived master key on the
smart-card, get as many people as possible to sign it, and use *that*
key to sign my other (shorter-lived) keys. The same scheme I'm also
using now, but not with the smart-card. In the hope that I'll never go
through the inconvenience of revoking my master key (which, of course,
has much stronger passphrase than my 'regular' keys).

Of course, it all depends on your threat model, the value of information
  you are protecting and the minimum desired secrecy lifetime.

Best regards,
   Zeljko.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050725/f62463be/signature.pgp


More information about the Gnupg-users mailing list