On 11/18/2013 6:21 PM, adrelanos wrote:
> Hi,
>
> An article about air gapped OpenPGP keys has been written by me:
> https://www.whonix.org/wiki/Air_Gapped_OpenPGP_Key
>
> Please leave feedback or hit the edit button. Maybe it's useful for
> someone. It's under public domain.
>
> Cheers,
> adrelanos

Excellent work! Here's some minor suggestions and personal opinions.

1. If you set the keyprefs in your gpg.conf configuration file before you generate a new key it will generate new keys with these stronger defaults rather than having you need to edit them later. See <http://www.debian-administration.org/users/dkg/weblog/48> for details and examples. I'd like to call your attention to the "cert-digest-algo SHA256" line -- this means that your primary key will make stronger signatures on other keys (e.g. your subkeys and other people's public keys). This is probably a Good Thing.

2. Have you considered adding TWOFISH and BLOWFISH to the list of ciphers? I put TWOFISH after AES256 and before AES192, and I put BLOWFISH after AES but before CAST5. I like having diverse, strong ciphers available to those who might elect to use them. Since the versions of GnuPG I use support those ciphers and they're generally well-regarded I see no reason to exclude them, but your mileage may vary. I've been tempted to add prefs showing I can use the CAMELLIA cipher -- does anyone know of a good reason not to?

3. When generating the key and you're prompted to pick a key type, I recommend selecting #4 ("RSA (sign only)"). This generates only the primary signing/certification key but does not generate an encryption subkey at the same time. Later you can add the encryption and signing subkeys. This can be useful if you want to mix-and-match algorithms and expiration dates. For example, I have a 3072-bit DSA sign/cert primary key, a 2048-bit RSA encryption subkey, and a 2048-bit RSA signing subkey. The two subkeys have a 5-year expiration time while the primary key has no expiration time. Of course, selecting option #1 and creating an RSA sign/cert primary key with an RSA subkey of equal strength with the same (if any) expiration date, followed by adding a new signing subkey also works. It's simply a matter of personal preference -- I like generating each key individually so I have control over that specific key.

4. Are there any known issues with your "air gapped" system being the same physical hardware as your everyday system even if you use a LiveCD? I don't know if there'd be the potential for hardware compromises. Depending on one's security needs, it might be useful to get a separate, isolated, never-connected-to-the-internet computer specifically for high-security needs. (See <https://www.schneier.com/blog/archives/2013/10/air_gaps.html> for some pointers.)

5. Smartcards are also useful, as you can generate keys on your isolated computer, back them up safely, then copy the keys to the smartcard. You can then use the smartcard on your everyday system without risk of exposing the private keys. I have an RSA primary key on one smartcard and RSA signing/encryption subkeys on another smartcard. (I also have a third card which has the RSA subkeys for the key I mentioned in point #3 above. I rather like smartcards.)

Cheers!
-Pete
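
A short check for the gpg.conf settings discussed in points 1 and 2 above, to run before generating the key. This is an added example, not part of the email or the Whonix article; the cipher order in the sample follows the email, while the digest and compression entries and the helper names (`parse_conf`, `cipher_order`, `audit`) are assumptions.

```python
# Added example (not from the original email): check a gpg.conf before key generation.
SHA2 = {"SHA224", "SHA256", "SHA384", "SHA512"}
CIPHERS = {"AES256", "AES192", "AES", "TWOFISH", "BLOWFISH", "CAST5", "3DES",
           "CAMELLIA128", "CAMELLIA192", "CAMELLIA256", "IDEA"}

# Constructed sample. Cipher order follows the email; the digest and
# compression entries are assumptions added to make the list complete.
SAMPLE_CONF = """\
# stronger defaults, set before generating the key
cert-digest-algo SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 TWOFISH AES192 AES BLOWFISH CAST5 ZLIB BZIP2 ZIP Uncompressed
"""

def parse_conf(text):
    """Map each option name to its arguments; '#' lines and blanks are skipped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = line.split()
        opts[name] = [a.upper() for a in args]
    return opts

def cipher_order(opts):
    """Ciphers in the order default-preference-list advertises them."""
    return [p for p in opts.get("default-preference-list", []) if p in CIPHERS]

def audit(text):
    """Return findings; an empty list means the settings from the email are present."""
    opts = parse_conf(text)
    findings = []
    if not set(opts.get("cert-digest-algo", [])) & SHA2:
        findings.append("cert-digest-algo is not set to a SHA-2 digest")
    if "default-preference-list" not in opts:
        findings.append("default-preference-list is unset, new keys get built-in prefs")
    elif not cipher_order(opts):
        findings.append("default-preference-list names no cipher")
    return findings

if __name__ == "__main__":
    print(cipher_order(parse_conf(SAMPLE_CONF)))
    print(audit(SAMPLE_CONF) or "ok")
    print(audit("default-preference-list SHA1 CAST5\n"))
```

A key that already exists keeps its old preferences; the file only affects keys generated afterwards, which is the reason point 1 sets it first.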