multiple subkeys and key transition

J. Ottosson j-001 at
Thu Dec 9 20:22:07 CET 2010

On 10 Dec 2010 at 4:18, Ben McGinnes wrote:

> On 10/12/10 3:58 AM, J. Ottosson wrote:
> > On 10 Dec 2010 at 2:55, Ben McGinnes wrote:
> >>
> >> As the smartcard isn't on the agenda for me at all, I'll base my
> >> decision on security rather than convenience.
> > 
> > If smartcard is not on your agenda you are certainly not basing your
> > decision on security.
> And you're basing that assessment on what?
> I know where all the physical media containing a copy of my secret
> key(s) are and I control all the hardware that can access them.

But you do know what purpose a smartcard type of device is for, right? 
Protection of some kind of data, most often a key or several of them. We use 
hardware security devices of various sorts in many situations where high 
security is a requirement. We use them for tokens, crypto keys and we use them 
in systems processing our PIN handling in the financial systems etc (like the 
IBM 4758 etc).

Since protection of the private key is the single most important issue for any 
OpenPGP user, it is very natural to think about smartcard, since it is the best 
way to protect a key from disclosure.

Then, after having made the analysis of threats and cost one may opt to not use 
it anyway, as most of us do, at least partly and for some keys.

Unless you are using some kind of trusted computer system you simply do not have 
that kind of control over what is or is not done on your computer.

Then when it comes to media that the key is written onto and has ever been 
written onto, well that's often a bigger issue than most people tend to think. 
Anyone having used EnCase and tools alike knows what I mean. It all depends, 
partly on luck, if someone raids your home, if you're owned or not. Do you 
remember any old floppies that your earlier keys were ever saved to? Most don't.

It all comes down to what opponent we're having. So, it's partly a question 
about what threat model we're sitting in. A normal user like you and me are in 
most circumstances ok with an ordinary keyring on a portable USB stick or 
perhaps in a Truecrypt container for extra protection but others are not.

And I've been attending tempest lab tests too, so I'd say that most anything 
many users think is impossible or only happens on film is not even close to the 
limits of what some TLAs are readily doing.

A clue on that can also be picked up by looking at the counterintel procedures 
for sigint by the KGB during the cold war. If those types of guys are after you, 
a hardware security type of device is of limited protection to you too btw.

I can say this much, there exist smartcard research papers today, that are 
classified since a decade back or more and not seen by more than 10-20 people, 
and they are so for a reason.

So actually, nothing is safe come to think of it. But that's too depressing so 
we pretend smartcards are, from a practical perspective. 

nuff said

> Regards,
> Ben

More information about the Gnupg-users mailing list