On Tue, Jul 16, 2013 at 07:03:54AM +0800, Martin wrote: > > Now I have to walk down yet another rabbit hole and read up about secure > cards :)
You don't really have to, though I prefer the added security and, at least after you've set it up to work properly, the added conveninece of the Crypto Stick. > Questions b) and c) remain unclear, though: > > b) If I assume that a machine is compromised, do I have any chance to use > GPG? Entering my password (keylogger) and using my private key (trojans, > remote control malware) would enable an attacker to gain access to my key, > right? Are secure cards the only solution to this problem? Maybe I should > simply not use compromised machines when using GPG :) There are a couple of different scenarios here. If you've not used GPG after the machine was compromised, you could in theory continue using the same subkeys as before. However, the overhead of making new subkeys is small, so I'd probably opt on the safe side and change them. If you've been using GPG after the machine was compromised, you definately need to make new subkeys (with a new passphrase of course) and transfer them to your machine after reinstallation. The smartcards (or CryptoStick, which is basically the same thing) is a solution to this. Each card can have three subkeys, intended for use with encryption, signing and authentication respectively. These can be created on the card or (probably most common) generated on a secure computer and copied onto the card. Now, the thing is that there is no interface for copying any of the keys back out from the card. To use them you have to insert the card and enter a pin code on the keyboard. All RSA encryption/decryption operations are performed on the card. Of course, the pin code could be sniffed and reused as long as the card is plugged into the computer. However, the risk is reduced significantly compared to storing the key files on the disk. The Crypto Stick also lights up when used and also counts the number of signatures performed, so there is a good chance you'd notice it quickly if you were under attack. > c) Are there major concerns about backing up my TrueCrypt container on > Dropbox? I could even encrypt it further and put it into an encfs container > (which I am already doing when I use Dropbox). I have read blog posts where > people say that they even put their private master key openly into the wild > because it has a strong passphrase and strong encryption anyways. No, at least no issues I'd bother to worry about. TrueCrypt is basically as safe as your password, and your key is also password protected. I would not put my private keys in the open. Even though I trust my passphrase, there is a security bonus in having basically two security factors (passphrase and the file). An example; camera surveillance of you typing your passphrase would not be enough by itself to steal your identity if they also need a way to get your private key. A good backup is to print the ASCII armoured export of your key on a sheet of paper and keep it filed somewhere. -- Einar Ryeng _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users