On Wed, Aug 30, 2017 at 10:09:38AM +0100, Jonathan McDowell wrote:
> On Tue, Aug 29, 2017 at 07:34:35PM +0200, Marc Haber wrote:
> > Their web page says that it will only support 2048 bit RSA keys, which is
> > the limitation of most USB crypto tokens on the market today. The
> > Nitrokey Pro will also do 3072 and 4096 bit, but it's considerably less
> > free?
>
> The Start is based on the GnuK and I think should be upgradable to do 4K
> keys. The Pro uses a non-free smartcard internally for the RSA
> operations. I believe the Start should also be capable of ECC, as per
> the GnuK. It's possible Nitrokey haven't updated their firmware to
> support this yet.

I might be missing something, but I am wondering what a free hardware
design will help here. I am not in a position to validate it anyway, and
a USB token is unlikely to take any private data and phone it home. What
do I gain from using the GnuK over a yubi- or nitrokey other than being
able to say "yay, it's free"?

> > I have been postponing the offline master stuff for years because of
> > the hassle connected. Would it be a stupid idea to have one hardware
> > token for the Master key (generated on the device, never having left
> > it) and a second token for the everyday signing and encryption keys?
> > Can I have a master certification key on one device and subkeys on
> > another one? Can I also have this when the private parts of master and
> > sub keys have been generated on different devices?
>
> Yes. I have a GnuK which holds my 0x21E278A66C28DBC0 master key, and
> then a separate device which has the 3 active subkeys (signing,
> encryption + authentication) for this key.

How do you back up the key? Was the 0x21E278A66C28DBC0 master key
created on the GnuK, or was it imported into the GnuK with a backup
somewhere?

What do I gain from having my certification master key on a GnuK or
other hardware token stored away in the safe over having the
certification master key with a nasty passphrase on a memory card in the
safe? The only issue that I see is that someone who gets access to my
safe can (a) copy the encrypted key without me noticing and (b) brute
force the passphrase of that copy with unlimited tries. Otoh, with a
hardware device, an attacker will have to steal the actual device since
he cannot make a copy, and the PIN will self-destruct after three tries,
making brute force impossible.

The price I pay for this added security is that I have to decide now how
many backups of the key I want to have since once the file version of
the key was deleted there is no more making copies of it, regardless of
how many devices I have it on, and that it would be impossible to move
to a different kind of device (smaller, more robust, faster) without
creating a new key. That price is rather severe.

What is an acceptable trade-off between:

(1) only one copy of the key on one hardware device, with the key never
    having left that device
(2) arbitrary copies of the key on hardware devices with no readable copy
    of the key left
(3) key on hardware device with a readable backup stored away in
    $SAFE_PLACE

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421

