Am Dienstag, 6. März 2012, 19:36:07 schrieb auto15963...@hushmail.com: > I agree that user error is a possibility, but I am not certain how > to prove it. I can reproduce another public key just like the one > that was revoked except using a different name.
I do not see any possible user error during key generation which might lead to this except for the generation of very short keys. AFAIK gpg offers a minimum of 1024 bit now and 512 bit has been possible earlier. 512 bit could have been cracked. > I have to reiterate, but not eliminate the posibility, that someone > having access to this machine is extremely unlikely. This is not primarily meant as physical access. > I have a good deal of anti-malware and firewall protection. > Impossible, no; improbable, highly so. Anti-malware software ist usually easy to circumvent. You create malware and play with its compilation parameters until none of the 10 most popular scanners can detect it any more. Chances are better to limit the access of hijacked software to critical data. And that doesn't help against kernel bugs. > Looking at this instruction, I think you assume that I have > imported the revoked key onto my keyring. I have not done so. You really should. > On my keyring is the valid key, which is not revoked. If there is a valid revocation signature out there it does not make any sense not to revoke the local copy of the key. > When I do a search and view the > result online, I can see my key ID number and user ID plainly > identifying this key as having now been revoked. How can a user ID identify a key as being revoked? I don't use key servers often. What I know from regular discussions here is that most key servers don't implement crypto functions. Thus they may show a key as revoked because they have not realized that the revocation signature is invalid. > I am reluctant > to import the bad one because it might mess up the good one. There are not "a good one" and "a bad one". There's an updated one and an outdated one (your local copy). You can always delete signatures locally. Besides you can make a backup of your key, import the revoked one, have a look at it and at worst delete the key and import your backup. > > Can you confirm that? > > I have generated the key on my main PC, which, as far as I know, > and I am no slouch when it comes to security (and, no problem, :) I > do not think you suggested I am). My machine is well protected with > firewall and antimalware. I am interested in software security (not an expert, though) but I would never consider the key I use to sign this email being safe. I mention that in my signature policy. I have different keys for different security levels. > I do not make documents on one > machine, save it to CD and move media to another machine for using > on internet. You probably don't even use a seperate user account for key handling. You don't have to be paranoid but you should accept the consequences of security compromises. > If my machine has been compromised in any way, I need > to ascertain that much and fix it. You cannot fix your machine in a way that you can be sure this will not happen again. You have to determine the risk and effort you are willing to take. Maybe a smartcard is an improvement for you (and no, using a smartcard does not guarantee that unwanted signatures cannot be created). > Still, I find this possibility extremely unlikely in all honesty. I guess you won't find many on this list who share that view. > Nevertheless, I am perfectly willing > to use a different software to try to reproduce another key, and I > am perfectly willing and capable of using the CLI of gnupg if need > be; in this way I can be sure that the program itself is not > responsible. How do you want to reproduce attackers' behaviour? If your next key does not get revoked by someone else then you are sure it is safe? You may create a new key (in a secure environment) with an offline main key with a secure and individual passphrase (hard task not to forget it). That would give you a lot of security that your key is not revoked by someone else. But it will not make your subkeys safer (and thus your signatures more trustworthy). > I have created a key in a manner that I believe is > secure. If it can be revoked, what else can be done with it? Most probable signatures can be faked and data encryped to this key can be decrypted. New subkeys and UIDs can be created. The preferred key server can be changed so that people "never" see the revocation. > I need to fix my mistake so that it does not happen again. Above you refused to do so because it was too much effort for you. Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
