[clue-tech] Some thoughts about GnuPG.

[David L. Anselmi]

Jed S. Baer wrote:
> Unless you're worried about some process reading memory and leaking info
> after the fact, why not just shut your network off (or even unplug the
> network cable) while you're generating your key?

So this all evolved out of the need to back up the private keys.  They have to go on CD (or 
something) so that they aren't accidentally lost.  Wouldn't it be neat to have a live CD there too, 
for a self-contained signing system?  Yeah, now we're out of control.  But what if it's really easy?

Using a live CD and storing keys on a USB stick is easy.  Then it doesn't wind up on my hard drive 
by accident.  I don't want the master key on my laptop since that's probably the most likely way for 
me to lose it.  That also gets it into my backup files, and then I'd have to start treating them 
like they contain my master key.  But I do expect to use it to sign others' keys.

If I just put the key on a CD and load it when I need it, it could get copied to disk or read by a 
malicious process.  Not very likely I admit (at least until I start protecting very valuable things 
with it).

But maybe there are less tangible reasons to protect this key beyond reason.  Should I start using 
it to trust access to my servers, or to authenticate users of my web site, then I don't have to do 
anymore to protect it--I'll already be in the habit.

It turns out that making your own live CD is easy, even an encrypted one.  The hard part is writing 
the key to CD while using a live CD (in my one CD drive).  But that's a neat hack, not something you 
should actually do.

> Despite my not using it (except for web SSL), I'm actually a big fan of using encryption for data
> transmission. The barrier to doing so is finding recipients who are willing to put in the effort,
> and who will do it properly.

The Debian people seem to be doing pretty well at making their PKI work for daily use.  Though they 
care a lot more about authentication than encryption, I think.

> I'm aware of plenty of people who don't understand the importance of identification for key
> signing. I suppose in some contexts, that might be OK (as in 'I know this key is from the forum
> poster identified by my_kewl_nicname')

So we'll talk about that at installfest.  There do seem to be levels to signatures (see Signature 
Types in RFC 4880).  To make those meaningful you'd have to have a personal policy like this: 
http://www.mattb.net.nz/keys/

I don't think I'd sign a key without checking a photo ID because it wouldn't add any value.  The 
my_kewl_nickname person that you only know by reputation on a forum has already established all the 
trust he needs by associating the key with the forum ID.

> The other thing I worry about is that the only way PGP type PKE will become widespread will be
> with a lot of really inadequate passphrases. If I'm going to encrypt something to somebody using
> their public key, how I do I know their passphrase isn't something like 'I l0ve bacon'?

To be at risk the passphrase has to be cracked *after* the person shared their key with an adversary 
(probably without being aware that it needed to be revoked).  So first, let's make OpenPGP 
widespread.  Then people can suffer from lack of care with their keys.  Then they can learn to take 
care of the keys.  (Not much different than the current problem with identity theft, except that 
*you* are suffering from the lack of care by *others*.)

> Although I do have a few memory tricks in mind for these sorts of things, my other worry is that
> I won't be able to remember a passphrase of sufficient complexity.

Smart cards are probably pretty useful for this problem.  I expect to use a pretty long phrase for 
both the live CD file system and the private key passphrase.  And a shorter one for the sub keys I 
keep on my laptop.  (Is length better then complexity?  I forget.  Longer will probably be less 
complex and shorter will be more complex.)

Dave