Traveling without a secret key (was: As a fan of GnuPG ... )

Stefan Claas sac at 300baud.de
Tue Jul 7 22:42:07 CEST 2020


Stefan Claas wrote:
 
> ... you should try this out in your terminal and look at the beginning
> of the output:
> 
> $ echo 1fccaf3d | xxd -r -p | openssl dgst -sha256 -binary | openssl enc -base64

I thought about this technique a bit for easy to remember passwords, which
can be converted to strong passwords.

Let's say you travel a lot and do not want to risk that your secret key
gets compromised due to border control etc.

One simply uses the program passphrase2pgp, from GitHub[1] and when creating
the key and the passphrase is needed, one simply issues:

echo -n 'simple password' | openssl dgst -sha256 -binary | base91 or base64
and then one gets a string with an entropy of over 200, which is more than
secure. This would IMHO allow one to have a strong passphrase but generated
with an easy to remember password.

Here's a little Go program, which does this without the above commands,
so that it can be used on Windows without OpenSSL:

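package main

import (
	"bufio"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"os"

	"ekyu.moe/base91"
)

func main() {
	// Read one line (the easy to remember password) from stdin.
	scanner := bufio.NewScanner(os.Stdin)
	if !scanner.Scan() { // use `for scanner.Scan()` to keep reading
		fmt.Fprintln(os.Stderr, "no input")
		os.Exit(1)
	}
	src := scanner.Text()

	// Hash the password with SHA-256 and print the digest as base91 and base64.
	hash := sha256.Sum256([]byte(src))
	fmt.Println(base91.EncodeToString(hash[:]))
	fmt.Println(base64.StdEncoding.EncodeToString(hash[:]))
}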

One simply starts the program and then types the easy to
remember password and presses enter and the program returns
a base91 and base64 string to choose from.

And with passphrase2pgp one always needs to remember the
Unix Epoch Time, for key creation, so that always the
same secret key will be generated.

[1] https://github.com/skeeto/passphrase2pgp

Regards
Stefan

-- 
my 'hidden' service gopherhole:
gopher://iria2xobffovwr6h.onion
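
Added example (not part of the original message or of passphrase2pgp): a Go sketch of the SHA-256 plus base64 pipeline above, using only the standard library, which shows that the 44-character output is deterministic and that a check over candidate inputs covers the input space rather than the 256-bit digest. The function names and the three-entry candidate list are constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"math"
)

// Derive reproduces the message's pipeline: SHA-256 of the password,
// then standard base64 of the 32-byte digest (always 44 characters).
func Derive(password string) string {
	sum := sha256.Sum256([]byte(password))
	return base64.StdEncoding.EncodeToString(sum[:])
}

// GuessBits is the work, in bits, to enumerate n equally likely inputs.
func GuessBits(n int) float64 { return math.Log2(float64(n)) }

// Recover walks a candidate list and returns the input whose derived
// string equals target. The transform is unsalted and fast, so the
// search space is the candidate list, not the 256-bit output.
func Recover(target string, candidates []string) (string, bool) {
	for _, c := range candidates {
		if Derive(c) == target {
			return c, true
		}
	}
	return "", false
}

func main() {
	// Constructed sample inputs (assumption: a small list of likely passwords).
	words := []string{"letmein", "simple password", "correct horse"}
	out := Derive("simple password")
	fmt.Println("derived:", out, "length:", len(out))
	pw, ok := Recover(out, words)
	fmt.Printf("recovered %q (%v) from %d candidates = %.2f bits\n",
		pw, ok, len(words), GuessBits(len(words)))
}
```

The same check can be run against one's own chosen password and any list of likely passwords to see whether the derived passphrase would be found.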


