Master Key Best Practice with SmartCard
Hi all, In July when I've created my Master Key, I didn't use --expert option and now my master key is Cert and Sign and got 2 subkey for encryption (+1 revoke). pub 4096R/0882B381 créé : 2015-07-04 expire : jamais utilisation : SC confiance : ultimevalidité : ultime sub 4096R/D693C37C créé : 2015-07-04 expire : jamais utilisation : E sub 4096R/AF2FF242 créé : 2015-07-04 expire : 2018-07-03 utilisation : S La clef suivante a été révoquée le 2016-01-21 par la clef RSA 0882B381 Antoine Michard sub 4096R/8FB824DE créé : 2015-07-04 révoquée : 2016-01-21 utilisation : E sub 4096R/48D8D3B6 créé : 2015-07-05 expire : 2018-07-04 utilisation : A sub 4096R/DDCE51A2 créé : 2016-01-21 expire : 2018-07-03 utilisation : E [ ultime ] (1). Antoine Michard [ ultime ] (2) Antoine Michard [ ultime ] (3) Mitch It's work well except that for https://encrypt.to, he use my first encryption key and I can't decrypt it with my Smartcard. So I thinking what is the best to do next: - Delete my useless first subkey encryption from my keyring and send update to key server. - Recreate a new master key with only cert role and create all my subkey (S E A) and copy it to my Smart Card. What your advice on it ?? Nobody have sign my key and I can rencrypt my data. -- Antoine Michard GPG Key: 0xF5C9E7CD0882B381 signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Problems with 4096 keys on 2.1 card
Hi, I've been having some problems using a GPG card 2.1 with Ubuntu repo GPG, think it was 2.0.22. I noticed some discussions in Sept-15 about this and got the impression that it should work. Can someone just make a short comment on this, should a 2.0.22 be able to generate 4096 keys and/or import 4096 subkeys from keyring? The card and reader work ok and imports of shorter keys (like 3072) work without issues. This particular system is an Ubuntu 14.04 and the card is an OpenPGP Smartcard V2.1. TIA, ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Problems with 4096 keys on 2.1 card
On 01/25/2016 06:46 PM, Jorgen Ottosson wrote: > I noticed some discussions in Sept-15 about this and got the impression > that it should work. > > Can someone just make a short comment on this, should a 2.0.22 be able to > generate 4096 keys and/or import 4096 subkeys from keyring? > > The card and reader work ok and imports of shorter keys (like 3072) work > without issues. This particular system is an Ubuntu 14.04 and the card is > an OpenPGP Smartcard V2.1. I think that GnuPG 2.0.22 itself should work well. However, please note that many card readers have problems with larger APDU. Generating keys on card should be ok, but importing keys would be failed with bad reader. Signing should be ok, but decryption would be failed with bad reader. That's because of length of APDU. -- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Master Key Best Practice with SmartCard
On 25.01.2016 12:08, Antoine Michard wrote: > It's work well except that for https://encrypt.to, he use my first > encryption key and I can't decrypt it with my Smartcard. I'd report an issue to encrypt.to maintainer. encrypt.to also doesn't handle correctly the case when more than one key matches speceificed short key id, e.g. https://encrypt.to/0x70096AD1, the shown fingerprint doesn't change when you change selection. -- xmpp:andrey.ut...@decent.im signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Master Key Best Practice with SmartCard
On 25/01/16 10:08, Antoine Michard wrote: > > So I thinking what is the best to do next: > - Delete my useless first subkey encryption from my keyring and send > update to key server. Once you've published a subkey it stays published. Deleting a previously published subkey only removes it from your local machine. It won't stop others from finding it on the keyservers and trying to use it. If you want to explicitly mark a subkey as "do not use" (but you do not believe that it has been compromised), then give it an expiration date of yesterday and republish. There's no particular reason to delete your local copy of the subkey (and there may be very good reasons not to, e.g. old encrypted data). NB expiration can be undone, but revocation cannot. (Remembering our previous conversation, you may instead want to expire your smartcard encryption subkey, and copy the other encryption subkey to the smartcard - but only if you have made a decrypted copy of all your sensitive data first.) > - Recreate a new master key with only cert role and create all my subkey > (S E A) and copy it to my Smart Card. If there's nothing wrong with your primary key there's no need to make a new one. I personally don't think having an extra usage flag counts as sufficiently "wrong" (so long as it's not "E"!). It may not be neat and tidy, but modern implementations should happily verify/auth against multiple subkeys. My current primary key has S,C,A usage and the S,A subkeys haven't caused me any issues so far. A signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Master Key Best Practice with SmartCard
On Mon 2016-01-25 05:08:31 -0500, Antoine Michard wrote: > So I thinking what is the best to do next: > - Delete my useless first subkey encryption from my keyring and send > update to key server. If you don't want people to encrypt messages to your D693C37C subkey, you should revoke that subkey (and only that subkey), and publish your updated certificate to the keyservers. Just deleting the subkey from your certificate locally won't delete the associated copy on the keyserver, or provide anyone else with any indication that you don't intend to continue using it. > - Recreate a new master key with only cert role and create all my subkey > (S E A) and copy it to my Smart Card. This will just create additional confusion for you, because there will now be two certificates associated with your name. It's not the end of the world, but i don't think it would solve your problem as cleanly as the above approach. hth, --dkg ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Master Key Best Practice with SmartCard
>> It's work well except that for https://encrypt.to, he use my first >> encryption key and I can't decrypt it with my Smartcard. > > I'd report an issue to encrypt.to maintainer. > encrypt.to also doesn't handle correctly the case when more than one key > matches speceificed short key id, e.g. https://encrypt.to/0x70096AD1, > the shown fingerprint doesn't change when you change selection. I've previously report my problem too but I don't have any reply yet !! >> So I thinking what is the best to do next: >> - Delete my useless first subkey encryption from my keyring and send >> update to key server. > > Once you've published a subkey it stays published. Deleting a previously > published subkey only removes it from your local machine. It won't stop > others from finding it on the keyservers and trying to use it. > > If you want to explicitly mark a subkey as "do not use" (but you do not > believe that it has been compromised), then give it an expiration date > of yesterday and republish. There's no particular reason to delete your > local copy of the subkey (and there may be very good reasons not to, > e.g. old encrypted data). > > NB expiration can be undone, but revocation cannot. > > (Remembering our previous conversation, you may instead want to expire > your smartcard encryption subkey, and copy the other encryption subkey > to the smartcard - but only if you have made a decrypted copy of all > your sensitive data first.) I've already revoke my encryption key on my smartcard, thanks to you and it works like a charm. (like I said in my previous mail :) ). And I didn't know if you delete a subkey you won't delete it on key server. Thx Again Andrew. You are an incredible source of GPG knowledge >> - Recreate a new master key with only cert role and create all my subkey >> (S E A) and copy it to my Smart Card. > > This will just create additional confusion for you, because there will > now be two certificates associated with your name. It's not the end of > the world, but i don't think it would solve your problem as cleanly as > the above approach. You were right !! Bad idea ^_^ Thanks all again !! Maybe I will revoke my first encryption key. It's on my offline Master key so I will not use it day-to-day. And recreate my master key is not a good idea. Last question: Clean option will only clean locally or on key server too ?? Antoine Michard GPG Key: 0xF5C9E7CD0882B381 Le 25/01/2016 14:59, Daniel Kahn Gillmor a écrit : > On Mon 2016-01-25 05:08:31 -0500, Antoine Michard wrote: >> So I thinking what is the best to do next: >> - Delete my useless first subkey encryption from my keyring and send >> update to key server. > > If you don't want people to encrypt messages to your D693C37C subkey, > you should revoke that subkey (and only that subkey), and publish your > updated certificate to the keyservers. > > Just deleting the subkey from your certificate locally won't delete the > associated copy on the keyserver, or provide anyone else with any > indication that you don't intend to continue using it. > >> - Recreate a new master key with only cert role and create all my subkey >> (S E A) and copy it to my Smart Card. > > This will just create additional confusion for you, because there will > now be two certificates associated with your name. It's not the end of > the world, but i don't think it would solve your problem as cleanly as > the above approach. > > hth, > > --dkg > signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Master Key Best Practice with SmartCard
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 01/25/2016 02:55 PM, Andrew Gallagher wrote: > On 25/01/16 10:08, Antoine Michard wrote: >> >> So I thinking what is the best to do next: - Delete my useless >> first subkey encryption from my keyring and send update to key >> server. > > Once you've published a subkey it stays published. Deleting a > previously published subkey only removes it from your local > machine. It won't stop others from finding it on the keyservers and > trying to use it. > > If you want to explicitly mark a subkey as "do not use" (but you do > not believe that it has been compromised), then give it an > expiration date of yesterday and republish. There's no particular > reason to delete your local copy of the subkey (and there may be > very good reasons not to, e.g. old encrypted data). > > NB expiration can be undone, but revocation cannot. While this is correct in a perfect world, in practice it depends on the context as expirations can only effectively be extended due to possibility for an attacker to remove the new self-sig and presenting an older copy of the certificate to a third party. The same goes for revocation, it is true that the keyservers are add-only and provides some protection against it, but it is feasable for an attacker to present this certificate without revocation data to a user that isn't diligent with regards to keyring refreshes or by manipulation of the update channel (e.g. a preference for fetching from non-tls URI rather than a keyserver). - -- - Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk - Public OpenPGP key at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - "Expect the best. Prepare for the worst. Capitalize on what comes." (Zig Ziglar) -BEGIN PGP SIGNATURE- iQEcBAEBCgAGBQJWpinoAAoJECULev7WN52Fza0H/Axr/cFYUcEwbTrnK/nldKkr Qp8PuspNNYTsZzugfD6rOU4OamVStbhxKNHuBu72gRc90RtCHsS3K9mFumyuu9ce 1rTuTiFEBvTAfbsSUrFKjXJstm3DaG4uM5su6DMb671A/UmSdB2uJyVglAGhDAIM y+ugSMoySHxjCGb2BTSVbmrn0TCUFosPZSx6KkzCuOByXCI/V2dMRadsZBMd2+1V o2p1PCVoauugePCLMU7naguOjDOFRbKLOIZG0Lxy9fXwrckko1qYDBrY6Fdx1g4j xC5XVZA6ne1IcsRbvTEmwGJ6gmnKed12BKvMZ4XuNiEJP3ymRFWssflCFvZTt2c= =/X7N -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Master Key Best Practice with SmartCard
On 25 Jan 2016, at 14:50, Antoine Michard wrote: > Thx Again Andrew. You are an incredible source of GPG knowledge I'm really not. Just trying to be helpful. Don't trust me any more than any other random person on the Internet. I'm quite likely to make a mistake or leave out something important. > Last question: Clean option will only clean locally or on key server too ?? Just locally. You can't delete stuff from the keyservers, as they're a distributed database with no central control, and they have no method of confirming you are the key's owner. Even if you could get one server to delete your key, it would be resynchronised almost immediately from another server. In general, you should assume that anything that goes on the Internet is there forever, as you have no way of knowing who has made a copy for their own use, let alone do much about it. ;-) A ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Problems with 4096 keys on 2.1 card
On 25 Jan 2016 at 21:07, NIIBE Yutaka wrote: > However, please note that many card readers have problems with larger > APDU. Generating keys on card should be ok, but importing keys would > be failed with bad reader. Signing should be ok, but decryption would > be failed with bad reader. That's because of length of APDU. > -- Can't really confirm that here, generating seem not to work either. gpg --card-status .. Version ..: 2.1 Manufacturer .: ZeitControl .. Name of cardholder: [not set] Language prefs ...: de Sex ..: unspecified URL of public key : [not set] Login data ...: [not set] Private DO 1 .: [not set] Private DO 2 .: [not set] Signature PIN : not forced Key attributes ...: 2048R 2048R 2048R Max. PIN lengths .: 32 32 32 PIN retry counter : 3 0 3 Signature counter : 0 Signature key : [none] Encryption key: [none] Authentication key: [none] General key info..: [none] gpg --card-edit gpg/card> admin gpg/card> generate Make off-card backup of encryption key? (Y/n) n .. Please enter the PIN What keysize do you want for the Signature key? (2048) 4096 RSA keysizes must be in the range 1024-3072 What keysize do you want for the Signature key? (2048) gpg: Interrupt caught ... exiting SO: it seems the card will not generate larger keys then. I have several readers but am testing here with SCR335. Any way to pin-point my issue in more detail? Is my reader known to not support 4096? Info on readers who will? I also have a scr3500 somewhere but think I'll have to install drivers for that one to work, the SCR335 work with internal gpg drivers if I'm not mistaken whereas the 3500 don't work when attached as is. I also find it somewhat hard to get info on support for "Extended length" in several card reader's product-info pdfs I've looked at. TIA, ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Problems with 4096 keys on 2.1 card
On 01/26/2016 08:18 AM, Jorgen Ottosson wrote: > Can't really confirm that here, generating seem not to work either. > > gpg --card-status Please note that GnuPG 1.4 supports up to 3072-bit. This is because of internal library limitation. I believe that "gpg" in Ubuntu is GnuPG 1.4. It is "gpg2" when we want to use GnuPG 2.0. > gpg/card> generate > Make off-card backup of encryption key? (Y/n) n Besides, generating a key with off-card backup is actually done by two steps: * generating a key on host PC * importing that key to card If your choice is "Yes" for the question above, the key for encryption is not generated on card, but generated on host PC. > I have several readers but am testing here with SCR335. > > Any way to pin-point my issue in more detail? Is my reader known to not > support 4096? Info on readers who will? I also have a scr3500 somewhere > but think I'll have to install drivers for that one to work, the SCR335 > work with internal gpg drivers if I'm not mistaken whereas the 3500 don't > work when attached as is. Unfortunately, I don't have specific information (if card reader works with RSA-4096 or not), either. I maintain this list for internal driver. https://wiki.debian.org/GnuPG/CCID_Driver According to this list, SCR3500 works well with the internal driver of GnuPG. In general, the list by PCSC-lite helps. https://pcsclite.alioth.debian.org/ccid/supported.html Looking the device info, both of SCR335 and SCR3500 work with TPDU level exchange. Thus, I believe that both works well for RSA-4096 keys. > I also find it somewhat hard to get info on support for "Extended length" > in several card reader's product-info pdfs I've looked at. I think that it's "Extended APDU level exchange"? There are two level exchanges; one is TPDU level exchange (lower layer) and another is APDU level exchange. For longer APDU with original OpenPGPcard (i.e., in the communication of RSA-4096), the reader should support: TPDU level exchange or Extended APDU level exchange with enough dwMaxCCIDMessageLength If the reader only support short APDU level exchange, original OpenPGPcard doesn't work well for longer APDU. -- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Key signing with non-primary UID
Hi, some ways to achieve what you pretend, # sign (effectively) gpg2 --edit-key [name or email address or short/long keyID or, better, fingerprint of your contact] gpg> sign -u [your non-primary uid for signing given as name or email address] # sign only locally, i.e. it does not leave your computer gpg2 --edit-key [name or email address or short/long keyID or, better, fingerprint of your contact] gpg> lsign -u [your non-primary uid for signing given as name and/or email address] # checking it gpg2 --list-sigs [name or email address or short/long keyID or, better, fingerprint of your contact] # between "sig" and the keyID of your contact you should see an "L" now # You might as well use gpg2 --local-user [your non-primary uid for signing given as name and/or email address] --edit-key [name or email address or short/long keyID or, better, fingerprint of your contact] --lsign-key [name or email address or short/long keyID or, better, fingerprint of your contact] References: (1) README of 1.4.20, but it works with 2.0.x and 2.1.x versions of GnuPG as well (see quote below) (2) manpages (3) gnupg.info (1) GnuPG - The GNU Privacy Guard --- Version 1.4.20 Copyright 1998-2015 Free Software Foundation, Inc. Copyright 1997-2015 Werner Koch [...] Okay, here is how GnuPG helps you with key management. Most stuff is done with the --edit-key command gpg --edit-key GnuPG displays some information about the key and then prompts for a command (enter "help" to see a list of commands and see the man page for a more detailed explanation). To sign a key you select the user ID you want to sign by entering the number that is displayed in the leftmost column (or do nothing if the key has only one user ID) and then enter the command "sign" and follow all the prompts. When you are ready, give the command "save" (or use "quit" to cancel your actions). If you want to sign the key with another of your user IDs, you must give an "-u" option on the command line together with the "--edit-key". HTH Stebe ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
BAD signatures for GnuPG Stable
I downloaded gnupg-2.0.29.tar.bz2 and libgpg-error-1.21.tar.bz2 and their corresponding .sig files from www.gnupg.org/download. I tried to verify them using the gnupg (version 1.4.16) that came with my Ubuntu 14.04 distribution and got bad signature messages for both files: $ gpg --verify gnupg-2.0.29.tar.bz2.sig gnupg-2.0.29.tar.bz2 gpg: Signature made Tue 08 Sep 2015 09:38:22 AM CDT using RSA key ID 4F25E3B6 gpg: BAD signature from "Werner Koch (dist sig)" gpg: Signature made Wed 09 Sep 2015 05:30:24 AM CDT using RSA key ID 33BD3F06 gpg: requesting key 33BD3F06 from hkp server keys.gnupg.net gpg: key 33BD3F06: public key "NIIBE Yutaka (GnuPG Release Key) " imported gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 3 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 3u gpg: next trustdb check due at 2018-08-19 gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) gpg: BAD signature from "NIIBE Yutaka (GnuPG Release Key) " $ gpg --verify libgpg-error-1.21.tar.bz2.sig libgpg-error-1.21.tar.bz2 gpg: Signature made Sat 12 Dec 2015 06:03:30 AM CST using RSA key ID 4F25E3B6 gpg: BAD signature from "Werner Koch (dist sig)" What are some likely causes of this? I also checked the sha1sum and md5sum and they didn't match either. I didn't try the other gnupg packages. Aaron ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
