private key protection

Robert J. Hansen rjh at sixdemonbag.org
Tue Oct 18 15:49:59 CEST 2011


I'm going to keep this as short as possible, because we've already hit
the point at which we're casting far more heat than light.

> Oddly, I don't recall Jerome ever making a statement remotely like
> "If I steal your decrypted key, ...". I only remember him stating
> that he thought, as did I, that the OP meant that he wanted ways to
> prevent people stealing his secret key material when he said: "what
> is the best way to protect your private key from getting stolen?".
> Anthony interpreted it as somebody stealing the keyring, and Jerome
> disagreed on that interpretation. As do I.

GnuPG depends on you having physical control of the hardware for the
duration of your use of the system.  If this fails, then there's nothing
GnuPG -- or anything, for that matter! -- can do to keep your secret key
material safe.

If I put my secret key on a system that is later compromised, I can
still be confident in the security of my secret key.  If I log into that
machine and use my secret key even once, though, that key needs to be
considered compromised because I've failed to uphold the absolute
prerequisite for GnuPG usage: control of the hardware during my
interaction with it.

Secret key material can only be compromised in two situations: either
(a) someone you don't trust has root on your system while you're using
GnuPG, in which case it's a game-over and the only defense is "well,
don't do that, then!", or (b) someone compromises your PC while you're
not using GnuPG and steals your private key.

(a) is true, but it doesn't lead anywhere useful.  That makes it
trivial.  Why are we even discussing a triviality?




More information about the Gnupg-users mailing list