article about Air Gapped OpenPGP Key

adrelanos adrelanos at riseup.net
Tue Nov 19 12:50:34 CET 2013


Pete Stephenson:
> 1. If you set the keyprefs in your gpg.conf configuration file before
> you generate a new key it will generate new keys with these stronger
> defaults rather than having you need to edit them later. See
> <http://www.debian-administration.org/users/dkg/weblog/48> for details
> and examples.

I also thought about recommending a gpg.conf with specific settings.
Maybe this one:
https://github.com/ioerror/torbirdy/pull/11
https://github.com/ioerror/torbirdy/blob/master/gpg.conf

Not sure... What makes the page less complex and confusing? Explain how
to set such options using the command line, or by creating a gpg.conf?

When one uses a Live system for its air gapped OpenPGP key, one would
have to constantly remember re-creating that gpg.conf. (Gone after
reboot.)

> I'd like to call your attention to the "cert-digest-algo SHA256" line --
> this means that your primary key will make stronger signatures on other
> keys (e.g. your subkeys and other people's public keys). This is
> probably a Good Thing.

This is important. Can this be set without using gpg.conf?

> 2. Have you considered adding TWOFISH and BLOWFISH to the list of
> ciphers? I put TWOFISH after AES256 and before AES192, and I put
> BLOWFISH after AES but before CAST5. I like having diverse, strong
> ciphers available to those who might elect to use them. Since the
> versions of GnuPG I use support those ciphers and they're generally
> well-regarded I see no reason to exclude them, but your mileage may vary.

No, I haven't considered it; I don't feel I am competent for such a
discussion. I am ignorant about the nuances of which ciphers are
better/worse/when/etc. and am following the recommendations from here:
https://github.com/ioerror/torbirdy/blob/master/gpg.conf

> 3. When generating the key and you're prompted to pick a key type, I
> recommend selecting #4 ("RSA (sign only)"). This generates only the
> primary signing/certification key but does not generate an encryption
> subkey at the same time. Later you can add the encryption and signing
> subkeys. This can be useful if you want to mix-and-match algorithms and
> expiration dates.
> [...]

Implemented this suggestion.

> 4. Are there any known issues with your "air gapped" system being the
> same physical hardware as your everyday system even if you use a LiveCD?
> I don't know if there'd be the potential for hardware compromises.
> Depending on one's security needs, it might be useful to get a separate,
> isolated, never-connected-to-the-internet computer specifically for
> high-security needs. (See
> <https://www.schneier.com/blog/archives/2013/10/air_gaps.html> for some
> pointers.)

I added this:

> You can boot a Live DVD or an operating system installed on external
> media such as USB (recommendation: use full disk encryption). Using
> separate physical hardware is better than just booting another operating
> system, but still, using another operating system is better than nothing.

> 5. Smartcards are also useful, as you can generate keys on your isolated
> computer, back them up safely, then copy the keys to the smartcard. You
> can then use the smartcard on your everyday system without risk of
> exposing the private keys.

I added this suggestion as well.
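One concrete shape for the gpg.conf-versus-command-line choice the thread goes back and forth on, as an added example that is not from the thread or from the torbirdy project: the same preferences are written once into a gpg.conf kept on removable encrypted media (so they survive a Live-system reboot) and, alternatively, passed as long options on the command line, since every gpg.conf keyword is also accepted as `--keyword`. The cipher order is Pete's suggestion from the message above; the digest order, the /media/secure path and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original thread. Assumptions: the air-gapped
# Live system mounts an encrypted USB stick at /media/secure and keeps the
# GnuPG home directory there; the digest order below is my own choice, the
# cipher order is the one suggested in the thread.
GNUPGHOME="${GNUPGHOME:-/media/secure/gnupg}"

CIPHER_PREFS="AES256 TWOFISH AES192 AES BLOWFISH CAST5"
DIGEST_PREFS="SHA512 SHA384 SHA256"   # assumption, not taken from the thread
CERT_DIGEST="SHA256"

# Write a gpg.conf into the given home directory so the preferences apply to
# every gpg run that uses it, including key generation (keyprefs).
write_gpg_conf() {
    dir="$1"
    mkdir -p "$dir" && chmod 700 "$dir"
    cat > "$dir/gpg.conf" <<EOF
# Signatures made by the primary key on subkeys and other keys use SHA256
cert-digest-algo $CERT_DIGEST
# Algorithms used when we encrypt or sign, in order of preference
personal-cipher-preferences $CIPHER_PREFS
personal-digest-preferences $DIGEST_PREFS
# Preferences advertised inside newly generated keys
default-preference-list $CIPHER_PREFS $DIGEST_PREFS
EOF
    chmod 600 "$dir/gpg.conf"
}

# The same settings without any gpg.conf: gpg.conf keywords double as long
# command-line options, e.g. gpg_with_prefs --gen-key (hypothetical helper).
gpg_with_prefs() {
    gpg --homedir "$GNUPGHOME" \
        --cert-digest-algo "$CERT_DIGEST" \
        --personal-cipher-preferences "$CIPHER_PREFS" \
        --personal-digest-preferences "$DIGEST_PREFS" \
        --default-preference-list "$CIPHER_PREFS $DIGEST_PREFS" \
        "$@"
}

# Returns 0 when the gpg.conf in the given directory carries the expected
# cert-digest-algo line; a quick check before generating a key.
conf_has_cert_digest() {
    grep -q "^cert-digest-algo $CERT_DIGEST\$" "$1/gpg.conf"
}
```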
