invalid gpg key revocation

Hauke Laging mailinglisten at hauke-laging.de
Tue Mar 6 21:14:56 CET 2012


On Tuesday, 6 March 2012, 19:36:07, auto15963931 at hushmail.com wrote:

> I agree that user error is a possibility, but I am not certain how
> to prove it. I can reproduce another public key just like the one
> that was revoked except using a different name.

I do not see any possible user error during key generation which might lead to 
this except for the generation of very short keys. AFAIK gpg offers a minimum 
of 1024 bit now and 512 bit has been possible earlier. 512 bit could have been 
cracked.


> I have to reiterate, but not eliminate the possibility, that someone
> having access to this machine is extremely unlikely.

This is not primarily meant as physical access.


>  I have a good deal of anti-malware and firewall protection.
> Impossible, no; improbable, highly so.

Anti-malware software is usually easy to circumvent. You create malware and 
play with its compilation parameters until none of the 10 most popular 
scanners can detect it any more.

Chances are better to limit the access of hijacked software to critical data. 
And that doesn't help against kernel bugs.


> Looking at this instruction, I think you assume that I have
> imported the revoked key onto my keyring. I have not done so.

You really should.


> On my keyring is the valid key, which is not revoked.

If there is a valid revocation signature out there it does not make any sense 
not to revoke the local copy of the key.


> When I do a search and view the
> result online, I can see my key ID number and user ID plainly
> identifying this key as having now been revoked.

How can a user ID identify a key as being revoked? I don't use key servers 
often. What I know from regular discussions here is that most key servers 
don't implement crypto functions. Thus they may show a key as revoked because 
they have not realized that the revocation signature is invalid.


> I am reluctant
> to import the bad one because it might mess up the good one.

There are not "a good one" and "a bad one". There's an updated one and an 
outdated one (your local copy).

You can always delete signatures locally. Besides you can make a backup of 
your key, import the revoked one, have a look at it and at worst delete the 
key and import your backup.



> > Can you confirm that?
> 
> I have generated the key on my main PC, which, as far as I know,
> and I am no slouch when it comes to security (and, no problem, :) I
> do not think you suggested I am). My machine is well protected with
> firewall and antimalware.

I am interested in software security (not an expert, though) but I would never 
consider the key I use to sign this email being safe. I mention that in my 
signature policy. I have different keys for different security levels.


> I do not make documents on one
> machine, save it to CD and move media to another machine for using
> on internet.

You probably don't even use a separate user account for key handling.

You don't have to be paranoid but you should accept the consequences of 
security compromises.


> If my machine has been compromised in any way, I need
> to ascertain that much and fix it.

You cannot fix your machine in a way that you can be sure this will not happen 
again. You have to determine the risk and effort you are willing to take. 
Maybe a smartcard is an improvement for you (and no, using a smartcard does 
not guarantee that unwanted signatures cannot be created).


> Still, I find this possibility extremely unlikely in all honesty.

I guess you won't find many on this list who share that view.


> Nevertheless, I am perfectly willing
> to use a different software to try to reproduce another key, and I
> am perfectly willing and capable of using the CLI of gnupg if need
> be; in this way I can be sure that the program itself is not
> responsible.

How do you want to reproduce attackers' behaviour? If your next key does not 
get revoked by someone else then you are sure it is safe?

You may create a new key (in a secure environment) with an offline main key 
with a secure and individual passphrase (hard task not to forget it). That 
would give you a lot of security that your key is not revoked by someone else. 
But it will not make your subkeys safer (and thus your signatures more 
trustworthy).


> I have created a key in a manner that I believe is
> secure. If it can be revoked, what else can be done with it?

Most probably signatures can be faked and data encrypted to this key can be 
decrypted. New subkeys and UIDs can be created. The preferred key server can 
be changed so that people "never" see the revocation.


> I need to fix my mistake so that it does not happen again.

Above you refused to do so because it was too much effort for you.


Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
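
The check suggested in the message above (back up the key, import the key-server copy, look at what gpg makes of the revocation), as an added shell example that is not part of the original message. The function names, the throwaway `GNUPGHOME` directory and the sample listing are assumptions made for illustration; the field meanings are those of GnuPG's `--with-colons` output.

```shell
#!/bin/sh
# Added example, not from the original message. Field meanings follow GnuPG's
# colon listing format: field 1 = record type, field 2 = validity,
# field 11 = signature class (20x = key revocation).

# Read `gpg --with-colons --check-sigs` output on stdin and classify the key.
#   pub validity "r"  -> gpg itself treats the key as revoked
#   rev validity "!"  -> revocation signature verified
#   rev with "-", "?" or "%" -> listed but not verified (bad / no key / error)
revocation_status() {
    awk -F: '
        $1 == "pub" && $2 == "r" { revoked = 1 }
        $1 == "rev" && $11 ~ /^20/ { if ($2 ~ /^!/) good = 1; else bad = 1 }
        END {
            if (revoked || good) { print "revoked" }
            else if (bad)        { print "unverified-revocation" }
            else                 { print "not-revoked" }
        }'
}

# Back up the local key first. $1 = key ID or fingerprint, $2 = backup directory.
backup_key() {
    gpg --armor --export "$1" > "$2/public.asc" &&
    gpg --armor --export-secret-keys "$1" > "$2/secret.asc"
}

# Import the key-server copy into a throwaway keyring so the real keyring is
# untouched, then let gpg verify the signatures. $1 = downloaded key file.
inspect_in_scratch_keyring() {
    scratch=$(mktemp -d) || return 1
    GNUPGHOME=$scratch gpg --batch --quiet --import "$1" &&
    GNUPGHOME=$scratch gpg --batch --with-colons --check-sigs | revocation_status
    rc=$?
    rm -rf "$scratch"
    return $rc
}

# Constructed sample listing: a key revocation is listed, but gpg marked its
# signature as bad, so the key itself is not flagged revoked.
SAMPLE='pub:u:2048:1:AAAAAAAAAAAAAAAA:1330000000:::u:::scESC:
rev:-::1:AAAAAAAAAAAAAAAA:1331000000::::Example User <user@example.org>:20x:
uid:u::::1330000000::::Example User <user@example.org>:'
printf '%s\n' "$SAMPLE" | revocation_status
```

If the key-server copy is imported into the real keyring instead and the result is unwanted, `gpg --delete-secret-and-public-key` followed by `gpg --import` on the two backup files restores the earlier state.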