Second OpenPGP-card
Jacob Bachmeyer
jcb62281 at gmail.com
Wed Feb 28 03:52:55 CET 2024
Matthias Apitz wrote:
> El día lunes, febrero 26, 2024 a las 06:40:26 -0600, Jacob Bachmeyer via Gnupg-users escribió:
>
>
>> Matthias Apitz wrote:
>>
>>> [...]
>>> Said/showed that, I can't imagine that, when I SCP the file
>>> .password-store/test.gpg to another mobile with another OpenPGP card,
>>> that this system would be able to decrypt the file and reencrypt it
>>> again with the new card.
>>>
>> Correct. You must first copy the *new* public key to the *old* system and
>> re-encrypt the password store to *both* public keys on the *old* system,
>> then transfer the encrypted blobs to the new system.
>> ...
>>
>
> Thanks for the clarification and clear instruction.
>
You are welcome.
>> While you are here, this is a good time to remind you to regularly check the
>> list of public keys used with your password store. If Mallory can sneak
>> *his* key onto that list, he will be able to get your passwords!
>>
>
> It says:
>
> purism at pureos:~$ gpg --list-keys
> /home/purism/.gnupg/pubring.kbx
> -------------------------------
> pub rsa2048 2021-10-30 [SC]
> 336EB96892FE9FE7F6...................
> uid [ultimate] Matthias Apitz (GnuPG CCID L5) <guru at unixarea.de>
> sub rsa2048 2021-10-30 [A]
> sub rsa2048 2021-10-30 [E]
>
> [...]
Are you sure that *that* is the list of public keys used by pass(1)? It
almost certainly is not, since GPG's public key collection is meant to
collect keys for a variety of uses. For example, sending encrypted
emails or verifying signatures. You probably do not want your password
store encrypted to everyone you correspond with!
Therefore, pass(1) almost certainly has its own list of keys stored
somewhere else. Your regular public key was probably copied to that
list when you initialized the password store. That is the list that you
need to regularly check, lest Mallory be able to sneak his key onto it.
That list is *also* where you need to add your new public key in order
to migrate your password store.
Lastly, I know that you are using a smartcard, but you are storing
long-lived (and presumably valuable) authentication tokens here. Does
the card support RSA4096 or at least RSA3072? If so, I would strongly
recommend migrating to longer keys, as RSA2048 is currently the shortest
not probably already broken by increasing conventional computing power
to throw at factoring. If I understand correctly, this is the reason
that DSA is obsolete: DSA (to support smartcard implementations)
specifies exactly one allowed key length: 1024 bits. While DSA uses
discrete logarithms, the discrete logarithm and factoring problems have
a mathematical equivalence that means a factoring algorithm can be used
to derive a solution to the discrete logarithm problem and /vice
versa/. Accordingly, RSA1024 is now considered sufficiently dubious
that some implementations no longer support it, such as the
go-crypto/openpgp library used by the newer "hockeypuck" keyserver
software, which led to an interesting recent thread on gnupg-devel and
bunch of old keys effectively falling out of the Web of Trust.
-- Jacob
More information about the Gnupg-users
mailing list