gnupg clearsigning question

vedaal at vedaal at
Thu Dec 28 16:14:53 CET 2006

>Message: 6
>Date: Thu, 28 Dec 2006 00:30:43 -0500
>From: David Shaw <dshaw at>
>Subject: Re: gnupg clearsigning question

>DSA signatures contain random data, so even if you hacked around 
>timestamp problem, the signature would not match.  RSA signatures 
>not contain random data.

this might be very useful, 
and work out better without any special features

> why on earth would you want to construct such a 
>massively convoluted  way, 
>involving hacking around the clock on your computer

the issue is the 'keyfile'

keyfiles are problematic, in that they have to be stored 
and if an attacker gets the storage media where it is stored,
then measures must be taken to prevent recovery of the keyfile by 
the attacker

there are four general ways to do this:

(1) the simplest:
just encrypt the keyfile, and decrypt it when necessary
(the problem is that this calls attention to itself, by having an 
encrypted file present, and authorities can demand the key, or the 
session key, and recover the file)

(2) the most secure, (but most tedious):
have a folder of 7776 small textfiles, each having a diceware word 
as one of the filenames,
and select a group of keyfiles the same way that a diceware 
passphrase is selected
(the problem here is, that truecrypt keyfile selection does not 
behave like word selection in a passphrase,
since the order of selection of keyfiles is not important,
and a keyfile cannot be used more than once,
so, while a passphrase of 'r' diceware words has a complexity of 
a similarlry constructed selection of keyfiles,
has a complexity of only (7776 C r)  =  [(7776!) / (r!)([7776-r]!) ]
(btw, anyone want to provide a table of how many more keyfiles are 
necessary for equivalent complexity?
i.e.  to achieve a complexity of a 6, 10, or 20 diceware word 
passphrase, how many diceware keyfiles would be necessary?)

(3)the gnupg signing way,

ideal, in that the keyfile is not present anywhere,
and cannot be constructed by anyone without the secret key,
and even if that is given up, the exact correct time needs to be 

(4) the workaround i use now, (i think it's reasonably ok,
[electron microscopy file recovery is not in my threat model ;-)], 
but i invite comments/criticism/suggestions):

create a textfile by copying a selected part of the gnupg manpage,
(present on the usb drive together with a gpg2go setup)
and then typing in a diceware passphrase on a separate line,
and using the resultant textfile as the keyfile,
and wiping it after use



Concerned about your privacy? Instantly send FREE secure email, no account required

Get the best prices on SSL certificates from Hushmail

More information about the Gnupg-users mailing list