Rotating encryption keys (was: problem signing with a smart card)

[Peter Lebbing]

(oops, accidentally forgot copy to list, sorry for thread breaks)

On 2016-01-21 11:29, Lachlan Gunn wrote:
> Speaking of which, is there any solution around for session key
> archiving?

Not that I'm aware of.

> Key transition would be a bit more convenient if there
> were some way to automatically maintain a log of (encrypted) session
> keys for messages that youve seen, since you could then
> mass-re-encrypt them when you change key.

That's an interesting solution, I hadn't thought of that! But does it
have better security properties than simply encrypting an on-disk copy
of the old encryption subkey, encrypted to the new encryption subkey?
That is a whole lot simpler.

If somebody is able to decrypt the log of session keys, they can
effectively decrypt everything encrypted to the old subkey. This is
presuming the old encryption subkey is no longer used, so all data that
was ever encrypted to the old subkey is in one of the logs (multiple, if
the user has more than one computer).

And if they can decrypt the on-disk copy of the old subkey, they can
decrypt everything ever encrypted to the old subkey, and anything new
that will be encrypted to the old subkey. But the latter is not going to
happen.

Without any rigorous thought having yet gone into it, it seems they have
the same /effective/ properties.

On the issue of usability: right now, an encrypted copy of an old subkey
is a hassle to work with. But GnuPG could implement a feature that it
automatically decrypts it using the current subkey, and then uses the
old subkey to decrypt the data. In a generic form, this means that the
private key storage, which currently only supports symmetric encryption
in OpenPGP parlance, also supports public-key encryption.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>