Generating and storeing keys on usb pen

Henry Hertz Hobbit hhhobbit at securemecca.net
Wed Apr 25 17:18:05 CEST 2007 

On Mon, 2007-04-23 at 13:46 -0400, David Shaw wrote:

> On Sun, Apr 22, 2007 at 01:42:37PM -0700, rocko wrote:
> > I want to generate a new key pair, but i want to save it to 
> > a usb pen drive so i can keep it safe.
> > I don't want any gpg keys stored on my laptop, in case it gets
> > lost or stolen, the culprits won't have access to my gpg keys.
> 
> There is an incorrect assumption underneath this question.  GPG keys
> are stored on a usb drive in exactly the same format they are stored
> on a laptop: encrypted.  (Well, encrypted by default - if you didn't
> explicitly remove the passphrase, they're encrypted).
> 
> My point is that storing the keys on a usb drive doesn't change
> anything if the keys are lost.  If someone steals your laptop, they
> have the encrypted keys.  If they steal your usb drive, they have the
> encrypted keys.  There is no difference.  Either way you cut it, the
> thief has an encrypted copy of your key.  Unless the thief can figure
> out your passphrase, the key is useless to him.
> 
> It's quite a bit easier to lose a usb drive than it is to lose a
> laptop...

I must preface this with the statement I do not even OWN a USB
pen drive.  That does NOT mean I don't see the advantages of having
one.

Your last paragraph is true but only partially complete. It is easy
to slip that USB pen drive into your pockets or put it some place
else like that to keep it safe. But a lap-top isn't easily stuffed
into pockets. In addition to losing (and it is easier to lose the
USB pen drive than it is to lose a lap-top) which ever, the other
half of the original statement is what you had was stolen. Thieves
usually don't steal USB pen drives; there is almost no market for
stolen USB pen drives. Lap-tops are one of the most stolen items
out there; there is a BIG market for stolen lap-tops.  If your
lap-top gets stolen but you have the USB pen drive, you still have
your keys, safe and sound.

Keeping your keys on a USB pen drive has the additional benefit that
you can use them on multiple machines without having multiple copies
of the keys and the problems inherent with keeping the multiple copies
of your keys in sync. So as long as you make backups of your keys
(and put the backup in a safety deposit box) and keep the working
copy on the USB pen drive, the likelihood of you losing control of
your keys is probably lower.

So your keys were on your lap-top and it got stolen, or they were on
your USB pen drive and it got lost.  Now what do you do?

1. Continue using the existing keys because you planned ahead
   and pulled the copy from your safety deposit box and restored
   them to your new lap-top.

2. Same as number one, but you change your pass-phrase, and you
   upload that to the key servers.  Is this really necessary?

3. Sit there and twiddle your fingers and thumbs because the only
   copy of your keys you had were on that lap-top or USB pen drive
   and that is the only copy you had.  You didn't make a backup.
   You made a revocation file, but you don't have the keys any
   more.  You took the default TTL which is your keys will live
   forever, and you uploaded the keys to the key-servers.  So
   you make a new set of keys.

The thrust is that a USB pen drive is no better than a lap-top.
The FBI of the US has had anywhere from 100 to 1000 lap-tops
that have gone missing (it is hard to pin down actual numbers):

http://tinyurl.com/38hsvh
http://www.cnn.com/2007/US/02/12/fbi.laptops/index.html
http://msn-cnet.com.com/8301-10784_3-6158839-7.html

Don't depend on JUST a USB pen-drive.  Do the rest to be
complete:

[a] Make a backup of your keys and store the backup in a
    safe place where it is hard to lose it, like in a
    safety deposit box.

[b] Create a revocation file for your keys and also
    store it in a safe place.

[c] Give your keys a expire data rather than assuming
    they will be good forever.  Be sure to have your
    day planner or what ever else you use give warnings
    when the time comes to decide whether to change
    the expiration date of the keys or say goodbye to
    them and create a new set of keys.  Give yourself
    plenty of time; one to two or even three months
    before they expire is good.  This takes on even
    more importance if you upload your keys to a
    key-server.  Sure, you will have problems if
    you just created the keys and uploaded the keys to
    the key servers, but I would much rather live with
    that mistake for 2-3 years, rather than forever.

[d] Encrypt the entire hard disk drive on your lap-top.
    PGP Corporation makes this a part of their product.
    There are also other good Gnu options for doing this.
    Search the archives of this news group for the other
    options.

But David Shaw is correct; you don't buy a lot more
protection by moving your keys from the hard drive to
the USB pen drive if that is all you do.  The keys ARE
encrypted.  You just buy yourself less grief if the
lap-top is stolen or damaged to the point that it can't
be recovered. Those (damage, stolen) are far more likely
to happen to the lap-top than it getting lost.

HHH

More information about the Gnupg-users mailing list