How to back up my key

Martin martin.brochhaus at gmail.com
Tue Jul 16 01:03:54 CEST 2013 

Hi Einar,

many thanks for your detailed answer! That's quite re-assuring, indeed!

Now I have to walk down yet another rabbit hole and read up about secure
cards :)

I was indeed planning to have a master key and sub keys but I didn't want
to complicate this thread too much, I will open another thread with more
questions about this topic soon.

Questions b) and c) remain unclear, though:

b) If I assume that a machine is compromised, do I have any chance to use
GPG? Entering my password (keylogger) and using my private key (trojans,
remote control malware) would enable an attacker to gain access to my key,
right? Are secure cards the only solution to this problem? Maybe I should
simply not use compromised machines when using GPG :)

c) Are there major concerns about backing up my TrueCrypt container on
Dropbox? I could even encrypt it further and put it into an encfs container
(which I am already doing when I use Dropbox). I have read blog posts where
people say that they even put their private master key openly into the wild
because it has a strong passphrase and strong encryption anyways.

Cheers,
Martin




On Mon, Jul 15, 2013 at 5:20 PM, Einar Ryeng <einarr at pvv.org> wrote:

> On Mon, Jul 15, 2013 at 03:25:15PM +0800, Martin wrote:
> >
> > I'm new to GPG and unfortunately, the longer I browse the internet and
> read
> > about the topic, the lesser I know :(
> >
> > I would like to hear your opinions on this setup:
> >
> > 1. I have turned my Raspberry Pi into my super secure offline computer.
> >
> > 2. I will create my GPG keys on this system and store them on a USB drive
> > inside a TrueCrypt container.
> >
> > 3. I would like to have further backups of that drive, who knows, it
> might
> > get damaged some day and I don't want to lose my key that way.
>
> So far so good, with a couple of minor modifications. And i sort of agree
> with
> you on the TrueCrypt stuff, it's always better if people just erase USB
> drives
> they incidentally find. However, you probably shouldn't carry your keys
> around
> like that anyway.
>
> > My questions are the following:
> >
> > a) Do you see any flaws in that setup?
>
> Not exactly flaws, but I would have done some minor changes/additions:
>
> When you create a key pair, you create one master key and one or more
> subkeys.
> The master key is the one that should be used only in a safe environment.
> This
> key is used for operations on your private keys (revoking, making new
> subkeys,
> etc) and for signing other people's keys. All of these are relatively
> infrequent operations, except signing other keys which you propably will do
> quite frequently until your key is well connected to those you communicate
> with.
>
> Therefore:
>  1) 1 USB drive that will ONLY be used in the secure environment,
> containing
>     your master key and all subkeys.
>  2) A backup of 1), also ONLY for secure environment.
>  3) A USB drive or some other means to transfer your subkeys for
> encryption and
>     signing to your laptop.
>
> If you suspect your laptop has been compromised, someone may have gained
> access
> to your encryption and signing subkeys, which means that they can act as
> you.
> Luckily, because your master key is safe, you can just revoke your subkeys
> and
> create new ones. Your web of trust connections to anyone else will not be
> affected, except that they need to fetch the new version of your keys from
> the
> keyservers. On the other hand, if someone compromises your master key, you
> would
> need to go another round signing people's keys.
>
> To be a bit more paranoid, or to allow for using GPG on computers you don't
> trust as much as your own laptop, you can use a hardware RSA implementation
> like the CryptoStick from the German Privacy Foundation. These can contain
> keys
> which cannot be extracted without physical access to the key and a quite
> laborous process at a fairly decent electronics lab.
>
> (Btw, you also want to create revocation certificates for your key when
> you make
> it, just to be certain that you're able to revoke it if you should come to
> lose either your key or your passphrase.)
>
> Cheers,
>
> --
> Einar Ryeng
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130716/3df2afd0/attachment.html>

More information about the Gnupg-users mailing list