How to back up my key
Einar Ryeng
einarr at pvv.org
Tue Jul 16 10:54:56 CEST 2013
On Tue, Jul 16, 2013 at 07:03:54AM +0800, Martin wrote:
>
> Now I have to walk down yet another rabbit hole and read up about secure
> cards :)
You don't really have to, though I prefer the added security and, at least
after you've set it up to work properly, the added conveninece of the Crypto
Stick.
> Questions b) and c) remain unclear, though:
>
> b) If I assume that a machine is compromised, do I have any chance to use
> GPG? Entering my password (keylogger) and using my private key (trojans,
> remote control malware) would enable an attacker to gain access to my key,
> right? Are secure cards the only solution to this problem? Maybe I should
> simply not use compromised machines when using GPG :)
There are a couple of different scenarios here. If you've not used GPG after
the machine was compromised, you could in theory continue using the same
subkeys as before. However, the overhead of making new subkeys is small, so I'd
probably opt on the safe side and change them.
If you've been using GPG after the machine was compromised, you definately need
to make new subkeys (with a new passphrase of course) and transfer them to your
machine after reinstallation.
The smartcards (or CryptoStick, which is basically the same thing) is a
solution to this. Each card can have three subkeys, intended for use with
encryption, signing and authentication respectively. These can be created on
the card or (probably most common) generated on a secure computer and copied
onto the card. Now, the thing is that there is no interface for copying any of
the keys back out from the card. To use them you have to insert the card and
enter a pin code on the keyboard. All RSA encryption/decryption operations are
performed on the card.
Of course, the pin code could be sniffed and reused as long as the card is
plugged into the computer. However, the risk is reduced significantly compared
to storing the key files on the disk. The Crypto Stick also lights up when
used and also counts the number of signatures performed, so there is a good
chance you'd notice it quickly if you were under attack.
> c) Are there major concerns about backing up my TrueCrypt container on
> Dropbox? I could even encrypt it further and put it into an encfs container
> (which I am already doing when I use Dropbox). I have read blog posts where
> people say that they even put their private master key openly into the wild
> because it has a strong passphrase and strong encryption anyways.
No, at least no issues I'd bother to worry about. TrueCrypt is basically as
safe as your password, and your key is also password protected.
I would not put my private keys in the open. Even though I trust my passphrase,
there is a security bonus in having basically two security factors
(passphrase and the file). An example; camera surveillance of you typing your
passphrase would not be enough by itself to steal your identity if they also
need a way to get your private key.
A good backup is to print the ASCII armoured export of your key on a sheet of
paper and keep it filed somewhere.
--
Einar Ryeng
More information about the Gnupg-users
mailing list