Jeff Schmidt <jsb...@weldingengineering.com> writes:

> Hi,
>
> So, I want to start using GnuPG more to sign things. Right now, in
> addition to GnuPG having access to my private key, to use
> signing/encryption in my email client requires allowing the OpenPGP
> implementation in the email client to access my private key. Which, I
> think I'm OK with as it's a local client, but I got to thinking about
> the problem of access to the private key.
>
> Of course, the whole premise of public key encryption is that your
> private key is a closely guarded secret. Which raises the question,
> how does one USE the private key without risking exposing it?
>
> There are multiple problems, it seems to me, and I'm sure, as I'm about
> 20 years late to the party, that others have identified these and
> more, so I wonder if I can get recommendations to articles/blog posts
> online, or books, or any wisdom the subscribers of this list can
> impart.
>
> But, the problems that have occurred to me:
>
> * Even if one only uses the key locally on one or two 'trusted'
>   devices, there is still the problem of multiplying how many
>   different apps might have access to your private key - and the more
>   apps, the more points of potential failure/leakage of your key. Any
>   app that has been maliciously trojaned by some bad actor could
>   steal your private key and transmit it to some third party, or even
>   allow a third party to simply sign or encrypt data using the local
>   app, that isn't yours, as if it came from you.
>
> * The problem gets worse when you think about things like online
>   services - if you are using an online email or messaging provider,
>   or photo sharing service, document/file sharing service, online
>   social media service, it seems like it would be a really bad idea to
>   upload your private key to those services and trust them with that.
>   Now, maybe you might use subkeys as a sort of partial solution to
>   that - generating service-specific and revocable subkeys for each
>   specific service, and never providing the master private key, but
>   that still presents a risk that any of those subkeys might be
>   stolen.
>
> * Using a strong password to encrypt and protect the private key,
>   while a good idea, doesn't really solve the problem, because at some
>   point, to use the private key, you have to provide the password so
>   it can be decrypted to be used, and every time you provide the
>   password, it presents an opportunity for the key to be stolen.
>
> It seems to me that maybe the best way to resolve many of these risks,
> at least to reduce the 'surface area' of the risk, is to only have
> ONE app (ideally, GnuPG) that EVER accesses the private key, and that
> ALL other requests to encrypt or sign data be brokered through a
> 'gnupg server' running on my trusted device, where connections to the
> server are encrypted, and when I want data to be signed or encrypted
> with my private key, whatever app I'm using to originate the data
> connects to GnuPG and requests signing or encryption as a service from
> the server. Then, GnuPG could present the data to me for verification
> that no man-in-the-middle or malicious app has altered the data before
> submitting it for signing/encryption, then I provide my password just
> to GnuPG, which would sign or encrypt the payload and pass it back to
> the original app or web service.
>
> Is there an easy way to use GnuPG like this? It would be lovely if,
> for example, when I'm posting on a social media platform, I could
> configure the social media app to connect to my local 'gnupg server'
> and have all my posts and shared photos/videos signed. Of course, this
> would require support in those third party apps to have the necessary
> code to make that connection to GnuPG, but, as a starting point, I'm
> not clear if there is even any standard protocol for such a service,
> or if GnuPG implements it?
You may want to consider using an OpenPGP smartcard (for example, a Yubikey). Seems that you are a good fit. Using an OpenPGP smartcard, the private key never leaves the smartcard. The smartcard can also be used on a smartphone that has NFC support.

Cheers

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
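GnuPG already separates the key holder from the requesting application the way the question describes: since GnuPG 2.1 every private-key operation runs inside gpg-agent (or, with an OpenPGP smartcard, inside the card via scdaemon), and the `gpg` client only ever receives the finished signature. The script below is an added example, not part of the thread; it creates a throwaway, unprotected Ed25519 key in a temporary GNUPGHOME (so the real keyring is never touched), signs a file on behalf of an application, verifies the detached signature, and shows verification failing once the content is altered after signing, which is the tampering case the question worries about. The key name and file contents are constructed for the demo.

```shell
#!/bin/sh
# Added example: the signing-as-a-service flow using GnuPG's own broker,
# gpg-agent. Nothing here touches ~/.gnupg; everything lives in a temp dir.
set -eu

make_demo_keyring() {
  # Isolated keyring; 0700 is required or gpg refuses to use the directory.
  GNUPGHOME=$(mktemp -d); export GNUPGHOME; chmod 700 "$GNUPGHOME"
  # Unprotected demo key (empty passphrase) so the example runs unattended.
  # A real key would be passphrase-protected or live on a smartcard.
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key 'Demo Signer <demo@example.invalid>' ed25519 sign 1d
}

sign_file() {
  # $1 is a file produced by any application. The app only gets back the
  # detached signature; the private key stays inside gpg-agent.
  gpg --batch --yes --quiet --detach-sign --armor -o "$1.asc" "$1"
}

verify_file() {
  # Prints "ok" when the detached signature matches the file, else "FAIL".
  if gpg --batch --quiet --verify "$1.asc" "$1" 2>/dev/null; then
    echo ok
  else
    echo FAIL
  fi
}

demo_roundtrip() {
  # Sign a constructed "post" and verify it untouched -> ok
  make_demo_keyring >/dev/null 2>&1
  f="$GNUPGHOME/post.txt"
  printf 'hello from the social media app\n' > "$f"
  sign_file "$f"
  verify_file "$f"
}

demo_tamper() {
  # Alter the content after signing -> FAIL (signature no longer matches)
  make_demo_keyring >/dev/null 2>&1
  f="$GNUPGHOME/post.txt"
  printf 'hello from the social media app\n' > "$f"
  sign_file "$f"
  printf 'edited by someone else\n' >> "$f"
  verify_file "$f"
}

[ "${1:-}" = "run" ] && { demo_roundtrip; demo_tamper; } || true
```

Run it with `sh script.sh run`; `gpg-connect-agent 'KEYINFO --list' /bye` afterwards lists the keygrips the agent is holding, which is the only process that ever saw the private key.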