Multiple email addresses - any alternative to ask everyone to sign all my keys?
Christopher J. Walters
cwal989 at comcast.net
Wed Jul 24 11:28:28 CEST 2013
Hello Philipp,
On 7/24/2013 1:53 AM, Philipp Klaus Krause wrote:
> Hmm, since everyone seems to think "He doesn't consider the unviersity
> computer secure enough for something, so he shouldn't consider it secure
> enough for anything", it seems I'm failing and communicating what I want
> to do. Maybe having a look at the following scenario will help:
You said that you do not trust the security of the university computer, so we
were taking your assessment as a starting point.
> I have three computers, a smartphone named CONFIDENTIAL, a desktop in my
> office named SECRET, and one in the underground shelter with armed
> guards and the dog that needs to be fed the right type of meat to let me
> through named TOPSECRET.
Okay, I get that. Presumably TOPSECRET is your own computer which you believe
to be the most secure, and SECRET is the university computer. My amended
suggestion would provide the best security for both computers, however, it
would likely be hard if not impossible to implement on a smart phone.
> I have email addresses confidential at me, secret at me and topsecret at me.
> People sending confidential mail will send to confidential at me, and
> expect a reply within a short timeframe, so I need to be able to decrpyt
> and read the mail on CONFIDENTIAL. On SECRET, I want to read mail sent
> to confidential at me and secret at me. People that value security over timely
> processing will send mail to topsecret at me. On TOPSECRET I want to be
> able to decrypt mail sent to confidential at me, secret at me and opsecret at me.
> Nothing that happens to computer CONFIDENTAIL may allow other people to
> read mail sent to secret at me or topsecret at me. Nothing that happens to
> SECRET may allow other people to read mail sent totopsecret at me.
If you are using a smart phone to receive exams from students, there is a big
security problem with that. Especially, if you are using a proprietary OS. I
will let others explain why that is a bad idea, for the sake of brevity.
> I can handle this scenario by having three keypairs, one for each of the
> email addresses. But this would require everyone to sign all three of
> these keys. Is there a way to handle this secnario, such that people
> only have to sign one key?
Other posters have answered with a way this can be done. Create one key (for
TOPSECRET presumably), and add subkeys for your phone and your university
computer. This would allow people to only have to sign one key, as you've
requested.
As for security, any chain is only as strong as its weakest link - security is
no different. If others you do not trust have access to one of the devices
(for example, SECRET), then that is the weakest link in the chain. If you have
your whole secret keyring on all three devices, then it is likely that an
attacker who has physical access to SECRET would have access to your key any
all subkeys, and would only need a simple keylogger.
One way to avoid this problem is to have your keyrings stored, with a strong
passphrase (almost goes without saying), in one location a (potentially
encrypted USB drive), and to access your mail, GnuPG and other necessary
applications using a secure and trusted Live CD or DVD (e.g. Knoppix, or
RIPLinuX). This would avoid any security problems on computers, as long as you
can access the network through the Live CD. You clearly could not use a Live
CD on a smart phone. As long as you could carry the USB stick drive with you,
and it was not stolen from you (especially if you encrypt the file systems on
the USB stick drive), then the relative security of each computer would not
matter, since anyone who got a hold of your USB stick drive would have to
decrypt it before they could begin attacking your passphrase(s).
If CONFIDENTIAL is your smart phone, then you'd need at least two main keys,
and one would have to be stored on the phone. If it were a computer, my
suggestion may be of some use to you.
Regards,
Chris
More information about the Gnupg-users
mailing list