gnupg 'signing server'? Looking for advice on key management/security

Jeff Schmidt jsbiff at weldingengineering.com
Sun Nov 12 15:50:07 CET 2023 

Hi,

    So, I want to start using Gnupg more to sign things. Right now, in 
addition to GnuPG having access to my private key, to use 
signing/encryption in my email client, requires allowing the openpgp 
implementation in the email client to access my private key. Which, I 
think I'm OK with as it's a local client, but, I got to thinking about 
the problem of access to the private key.

Of course, the whole premise of public key encryption is that your 
private key is a closely guarded secret. Which raises the question, how 
does one USE the private key, without risking exposing it.

There are multiple problems, it seems to me, and I'm sure as I'm about 
20 years late to the party, that others have identified these and more, 
so I wonder if I can get recommendations to articles/blog posts online, 
or books, or any wisdom the subscribers of this list can impart.

But, the problems that have occurred to me:

* Even if one only uses the key locally on one or two 'trusted' devices, 
there is still the problem of multiplying how many different apps might 
have access to your private key - and the more apps, the more points of 
potential failure/leakage of your key. Any app that has been maliciously 
trojaned by some bad actor, could steal your private key, and transmit 
it to some third party, or even allow a third party to simply sign or 
encrypt data using the local app, that isn't yours, as if it came from you.

* The problem gets worse when you think about things like online 
services - if you are using an online email or messaging provider, or 
photo sharing service, document/file sharing service, online social 
media service, it seems like it would be a really bad idea to upload 
your private key to those services and trust them with that. Now, maybe 
you might use subkeys are a sort of partial solution to that - 
generating service-specific and revocable subkeys for each specific 
service, and never providing the master private key, but that still 
presents a risk that any of those subkeys might be stolen.

* Using a strong password to encrypt and protect the private key, while 
a good idea, doesn't really solve the problem, because at some point, to 
use the private key, you have to provide the password so it can be 
decrypted to be used, and every time you provide the password, it 
presents an opportunity for the key to be stolen.

It seems to me that maybe the best way to resolve many of these risks, 
at least, to reduce the 'surface area' of the risk, is to only have ONE 
app (ideally, gnupg) that EVER accesses the private key, and that ALL 
other requests to encrypt or sign data be brokered through a 'gnupg 
server' running on my trusted device, where connections to the server 
are encrypted, and when I want data to be signed or encrypted with my 
private key, whatever app I'm using to originate the data connects to 
gnupg and requests signing or encryption as a service from the server. 
Then, gnupg could present the data to me for verification that no 
man-in-the-middle or malicious app has altered the data before 
submitting it for signing/encryption, then I provide my password just to 
gnupg, which would sign or encrypt the payload and pass it back to the 
original app or web service.

Is there an easy way to use gnupg like this? It would be lovely if, for 
example, when I'm posting on a social media platform, if I could 
configure the social media app to connect to my local 'gnupg server' and 
have all my posts and shared photos/videos signed. Of course, this would 
require support in those third party apps to have the necessary code to 
make that connection to gnupg, but, as a starting point, I'm not clear 
if there is even any standard protocol for such a service, or if gnupg 
implements it?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x566331566E95AC02.asc
Type: application/pgp-keys
Size: 677 bytes
Desc: OpenPGP public key
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20231112/eb0f707e/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20231112/eb0f707e/attachment.sig>

More information about the Gnupg-users mailing list