On 01.06.2014 16:52, David Shaw wrote:
On Jun 1, 2014, at 6:54 AM, Suspekt <susp...@gmx.de> wrote:

Hi there, I understand the concept of using a secure offline key
and then creating one or multiple subkeys to use in rather insecure
environments like an internet-connected laptop or a smartphone.
Depending on which tutorial you look at, the recommended
capabilities of the offline key vary. Some use the key just for
certification of own subkeys and keys of other people.

Some recommend using it for certification of own subkeys, keys of
other people and signing of documents that are so important, that
the signing-subkey is not secure enough.

But I have yet to find someone recommending to use the offline
mainkey also for encryption/decryption of files, that are so
important that subkey encryption/decryption is not secure enough.

Is there a reason for that? Am I missing something?

One reason is that in some places there are legal issues around this.
You can be legally required to give up your encryption key to the
authorities or suffer the consequences (arrest / jail / etc).  The
idea is that if you have a different encryption and
signing/certification key, you can easily give up the encryption
(sub)key without compromising your (much more valuable) main key.  At
least that's the theory - I don't know offhand if this "I'll give you
this key, but not that one" trick has been tested in practice, and if
so, which legal jurisdiction it was tried in, and whether it worked
or not.  (I'd be curious to find out, if anyone has any pointers).

For the sake of argument, let's say it worked, though: the
authorities have your encryption key and can now decrypt as they
like.  You promptly make a new encryption key using your
(uncompromised) main key and continue on.  They can read your old
mail, but not the new, and notably cannot make signatures as you, and
cannot make new keys as you.

As a side note, when doing a key signing with someone, I send them a
message and request they sign it to prove ownership of the key.  I
require that this signature comes from the main key - that's the key
I'm signing, so that's the key I need to prove ownership of.  The
subkeys are not really relevant here.

David


OK, let's take the forced-by-law theory into account. Then the "best" way from a pure security standpoint in this regard would be:
0. OFFline-mainkey (certification of own keys and other people's keys)
-> 1. OFFline-subkey (signing)
-> 2. OFFline-subkey (encryption)
-> 3. ONline-subkey (signing)
-> 4. ONline-subkey (encryption)

You use keys 3&4 for everyday usage. You use keys 1&2 for high-security operations. If you get forced by authorities you would give them exactly the keys they demand (let's say key 1 and key 4), revoke them and create new ones with your offline-mainkey (key 0). Or they just force you to hand over your entire keyring but then this whole thing would be half the fun.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
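
The key layout listed in the thread (keys 0 to 4) can be checked on the everyday machine with a short audit; this is an added example, not part of the original messages. It assumes the `gpg --list-secret-keys --with-colons` format of GnuPG 2.1 or later (field 2 validity, field 12 capabilities, field 15 `#` for a secret-key stub and `+` for secret material that is present); the sample listing and key IDs are constructed.

```python
# Constructed sample of `gpg --list-secret-keys --with-colons` output on the
# online machine. Key IDs and timestamps are made up for illustration.
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAA0:1401580800:::u:::cSE:::#:::0:
ssb:u:4096:1:AAAAAAAAAAAAAAA1:1401580800::::::s:::#:::
ssb:u:4096:1:AAAAAAAAAAAAAAA2:1401580800::::::e:::#:::
ssb:u:2048:1:AAAAAAAAAAAAAAA3:1401580800::::::s:::+:::
ssb:u:2048:1:AAAAAAAAAAAAAAA4:1401580800::::::e:::+:::
"""

def audit_layout(colon_listing):
    """Return a list of findings; an empty list means the layout matches."""
    findings, online_caps = [], set()
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb") or len(f) < 15:
            continue
        # Lowercase letters are the key's own capabilities; the uppercase
        # letters on the primary line summarise the whole key and are ignored.
        own_caps = {c for c in f[11] if c.islower()}
        offline = f[14] == "#"          # stub only, secret part kept elsewhere
        if f[0] == "sec":
            if own_caps != {"c"}:
                findings.append(f"main key {f[4]} is not certify-only")
            if not offline:
                findings.append(f"main key {f[4]} secret is on this machine")
        elif not offline and f[1] not in ("r", "e"):
            # Only unrevoked, unexpired subkeys whose secret is present count.
            online_caps |= own_caps
    for cap, name in (("s", "signing"), ("e", "encryption")):
        if cap not in online_caps:
            findings.append(f"no usable online {name} subkey")
    return findings

if __name__ == "__main__":
    for finding in audit_layout(SAMPLE) or ["layout matches"]:
        print(finding)
```

To audit a real keyring, pass the output of `gpg --list-secret-keys --with-colons` to `audit_layout` instead of the constructed sample.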