Question about a perfect private Key store for today's environment

Pete Stephenson pete at heypete.com
Sun Sep 22 10:28:58 CEST 2013


On Sat, Sep 21, 2013 at 11:06 PM, Aleksandar Lazic
<al-gnupg_users at none.at> wrote:
> What could be a perfect, or at least a very good, storage for the
> private key?

Probably a smartcard -- this keeps your key entirely on the card and
it is not accessible to the computer (that is, a bad guy with control
of your computer cannot extract the key from the card).

It's almost certainly possible that a well-equipped adversary with
chip-disassembly equipment (read: a major government) could physically
take apart the chip and read the data off the internal parts directly,
but that's a different story altogether. Personally, I use a smartcard
to prevent my private keys from being revealed if my computer is
compromised by malware or some other sneaky stuff. If someone is
willing to go through with seizing my smartcard and taking it apart, I
have bigger problems. :)

> My definition of "today's user environment":
>
> 1.) Private  mobile device, tablet, notebook with private E-Mail program
> 2.) Business mobile device, tablet, notebook with company E-Mail program
>     with company key and private key
> 3.) Private  mobile device, tablet, notebook with Web mail only access
> 4.) Business mobile device, tablet, notebook with Web mail only access
> 5.) more to be defined
>
> There are different tools available for the different clients, but the problem
> from my point of view is that you must always add your private key to each of
> the different clients.
>
> This is a lot of work and sometimes not possible, as defined in points 3+4.
>
> Points 1+2 are also not very secure, due to the fact that nobody knows what
> really happens on such devices.

Well, #1 is probably the most secure: it's your own device and your
own mail client (e.g. Thunderbird).

#2 is probably the least secure, as the company has access to your private key.

> There are some HW-Solutions like
>
> http://g10code.com/p-card.html
> http://shop.kernelconcepts.de/product_info.php?cPath=1_26&products_id=133&osCsid=503b6045b0863ea8f4bc84757e89ee81
>
> but how could this or other HW-Solutions be usable along with Point 1+2
> definitions?

Easy: many mail clients have OpenPGP support built-in, or available
through an add-on like Enigmail for Thunderbird. Many can read the
smartcard and handle the encryption/decryption/signing operations
through the normal interface. Even without a smartcard, they can
access one's keyring and perform the various operations.

> In case you have your own server with your own web mail solution like
> roundcube, Horde or any other and you have secured your private Key on this
> server then you have a solution for point 3+4  but not for 1+2.

I'm not sure how much I'd trust a web service, even one operated by
myself or a company, with my private keys. I'd much rather keep them
on a smartcard, accessible only to myself.

> What solution is available for public Web mail providers like gmail, gmx,
> hotmail, .... .?

Gmail permits access with mail clients (e.g. Thunderbird), so one
could use such a client in conjunction with their OpenPGP software to send
and receive encrypted mails.

For webmail-only providers, you'd need to compose your message offline
(say in a text editor like Notepad or something similar), then perform
the encrypt/sign operations, then copy-paste the encrypted/signed
output into the webmail compose window.

> What are your opinions about the thought above?
> What are your solution which you use?

Usability is a big concern, and it's difficult with webmail-only
services that people use these days. It becomes much more
straightforward if one uses a mail client program.

Cheers!
-Pete

-- 
Pete Stephenson
