4

I am new to GnuPG, thus this might be a silly question. Yet:

I want to encrypt my emails, thus I am using gpg4win. Alongside it I use Kleopatra, a tool for creating my own certificates and managing the public keys of my friends. I went through the manual in the Gpg4win Compendium and was also reading some other manuals and FAQs.

It is always mentioned that it is important to export your own certificate/private key and ideally save it on some external medium (USB stick, DVD) and keep your secret key, well, secret. Anyhow, the certificate is still in the Kleopatra tool and can be exported again and again (as well as imported). Thus, isn't the security of my certificate just defined by the security of the access to my PC? I mean, as a hacker I would rather try to get access to someone's computer than break into a flat and search for that USB stick under the pillow. I suggest that the PC is the weakest point here. If the PC is not the weakest point, there is no need to export and hide the certificate.

Also, I am using Thunderbird and Enigmail. Here I am asked for my passphrase when decrypting mails sent to me. Similar point as above. Isn't the secret key totally useless as long as one does not know the passphrase? So, what is the point of exporting and physically hiding my certificate, when I have to enter the passphrase in order to make use of my certificate anyway?

3 Answers

5

You're considering the security of your private (secret) key. As it is encrypted with a passphrase (at least it should be), an attacker getting hold of the encrypted copy will not be able to use it (unless he gets hold of your passphrase). He will be able to do so if he has access to your computer while the key is in use or while it still has the passphrase/unencrypted key cached for comfort reasons (entering the passphrase every time is quite annoying) -- consider a trojan on your computer, for example.

Now, there are several ways to mitigate the issue of private key theft by hackers getting access to your computer (if you consider it to be one; always weigh effort against risk):

  • Using an offline copy which is only connected while you use the key -- least effort, but also least protection against attackers (as soon as you use it and an attacker has control over your computer, he has access to the private key and can make a copy).
  • Using an OpenPGP smart card or a comparable USB security token (like a YubiKey): the card holds its own crypto processor, which performs the private key operations, and the private key never leaves your computer: an attacker might use your private key while it is connected, but cannot make a permanent copy!
  • The primary key is of special importance, as it is used to manage your subkeys and can issue certifications. Some people put their primary private key on a dedicated computer, for example some old laptop which is only used for managing this key and is not connected to the internet at all. This is probably the most paranoid way (and the safest against hackers) to manage your OpenPGP keys.

Physical security (against intruders in your flat) is another issue, but it is no different from that of other important documents and objects.

Finally, there is another issue not related to attackers getting hold of copies of your private key: it is you losing access to your private key because of broken hard disks, administrative mistakes like formatting hard disks or incomplete backups, or even a burned-down house. Losing access also means you can never remove it from the key server network any more. It is very reasonable to keep a copy of the private key in a safe place like a bank vault; if you consider this too risky, at least create a revocation key. I keep mine printed as a QR code, and have handed over a copy to trusted persons who are thus capable of revoking my key in case anything happens, but cannot use it otherwise.
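
Two of the points in this answer (the passphrase-protected key with the agent's comfort cache switched off, and an everyday machine that holds only subkeys while the primary key stays offline) can be tried out in a throwaway GnuPG setup. The script below is an added example, not code from the answer above or from the GnuPG project. It assumes gpg 2.1 or newer on PATH; the passphrase, user ID and messages in it are made up for the demo. It creates a certify-only primary key with signing and encryption subkeys in an "offline" GNUPGHOME, checks that GnuPG has already written a revocation certificate there (guarded against accidental import by a leading colon), moves only the subkeys into a second "daily" GNUPGHOME, shows that the daily keyring holds just a stub of the primary key (sec#) yet can still sign and decrypt, shows that a wrong passphrase is rejected, and finally revokes the key by importing the certificate.

```shell
#!/bin/sh
# Added example, not code from the original answer or from the GnuPG project:
# the key handling the answer recommends, played out in two throwaway GnuPG
# homes standing in for an "offline laptop" and a "daily machine".
# Assumes gpg >= 2.1 on PATH; passphrase, user ID and messages are constructed.
set -e

PASS='correct horse battery staple'            # constructed demo passphrase
DEMO_UID='Example User <user@example.invalid>' # constructed user ID

# gpg with the passphrase supplied non-interactively (no pinentry program needed).
g() { gpg --batch --quiet --pinentry-mode loopback --passphrase "$PASS" "$@"; }

new_home() {
    # Fresh GNUPGHOME whose agent never caches passphrases: the "comfort" cache the
    # answer warns about is off, so every private-key operation needs the passphrase.
    h=$(mktemp -d /tmp/gpgdemo.XXXXXX)
    printf 'allow-loopback-pinentry\ndefault-cache-ttl 0\nmax-cache-ttl 0\n' > "$h/gpg-agent.conf"
    echo "$h"
}

demo_setup() {
    # "Offline laptop": certify-only primary key plus signing and encryption subkeys.
    OFFLINE=$(new_home); DAILY=$(new_home)
    export GNUPGHOME="$OFFLINE"
    g --quick-generate-key "$DEMO_UID" ed25519 cert never
    FPR=$(gpg --batch --with-colons --list-secret-keys | awk -F: '$1=="fpr"{print $10; exit}')
    g --quick-add-key "$FPR" ed25519 sign never
    g --quick-add-key "$FPR" cv25519 encr never
}

revocation_cert_is_guarded() {
    # GnuPG writes a revocation certificate at key creation. The leading colon is
    # deliberate: the file cannot be imported (and the key revoked) by accident.
    grep -q '^:-----BEGIN PGP PUBLIC KEY BLOCK-----' "$OFFLINE/openpgp-revocs.d/$FPR.rev"
}

move_subkeys_to_daily_machine() {
    # Full secret key (primary + subkeys): the copy for the USB stick or bank vault.
    g --armor --export-secret-keys "$FPR" > "$OFFLINE/primary-and-subkeys.asc"
    # Subkeys only: what the everyday machine gets; it never holds the primary key.
    g --armor --export-secret-subkeys "$FPR" > "$OFFLINE/subkeys-only.asc"
    export GNUPGHOME="$DAILY"
    g --import "$OFFLINE/subkeys-only.asc"
}

primary_is_stub() {
    # '#' in the token field of the sec record: only a stub of the primary key is
    # present (the human-readable listing shows this as "sec#").
    [ "$(gpg --batch --with-colons --list-secret-keys "$FPR" \
          | awk -F: '$1=="sec"{print $15; exit}')" = '#' ]
}

roundtrip() {
    # Encrypt $1 to our own key and decrypt it again with the encryption subkey.
    printf '%s' "$1" | gpg --batch --quiet --trust-model always --recipient "$FPR" --encrypt \
        | g --decrypt 2>/dev/null
}

sign_and_verify() {
    # Day-to-day signing needs only the subkey.
    printf 'signed on the daily machine' | g --local-user "$FPR" --clearsign \
        | gpg --batch --quiet --verify 2>/dev/null
}

wrong_passphrase_fails() {
    # The encrypted private key alone is useless: a wrong passphrase must be rejected.
    if printf 'x' | gpg --batch --quiet --trust-model always --recipient "$FPR" --encrypt \
         | gpg --batch --quiet --pinentry-mode loopback --passphrase 'not the passphrase' \
               --decrypt >/dev/null 2>&1
    then return 1; fi
}

revoke() {
    # Strip the guard colon and import the certificate; prints the validity field of
    # the pub record, which is 'r' once the key is revoked.
    sed 's/^://' "$OFFLINE/openpgp-revocs.d/$FPR.rev" | gpg --batch --quiet --import 2>/dev/null
    gpg --batch --with-colons --list-keys "$FPR" | awk -F: '$1=="pub"{print $2; exit}'
}

demo_cleanup() {
    for h in "$OFFLINE" "$DAILY"; do
        GNUPGHOME="$h" gpgconf --kill gpg-agent || true
        rm -rf "$h"
    done
}

main() {
    demo_setup
    revocation_cert_is_guarded && echo "revocation certificate for $FPR written, guarded by a leading colon"
    move_subkeys_to_daily_machine
    primary_is_stub && echo "daily machine holds only a stub of the primary key (sec#)"
    echo "decrypted on the daily machine: $(roundtrip 'hello from the daily machine')"
    sign_and_verify && echo "signature made with the subkey verifies"
    wrong_passphrase_fails && echo "decryption with a wrong passphrase is rejected"
    echo "key validity after importing the revocation certificate: $(revoke)"
    demo_cleanup
}
main
```

Run it as `sh gpg-key-hygiene.sh`. The second GNUPGHOME is what a laptop used day to day would look like: a trojan that copies that keyring gets passphrase-protected subkeys only and cannot issue new subkeys or certifications, and the full key in `primary-and-subkeys.asc` is the one that belongs on the external medium. Note that with the agent's default settings (default-cache-ttl 600) a decryption with a wrong or missing passphrase would still succeed while the correct one is cached; that window is exactly the one the answer warns about, which is why the demo turns the cache off.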

1

The big threat here is not theft of the cert - it's your hard drive dying and you not being able to access your emails.

Backed-up private keys mean there's one more thing to lose before you are locked out of your files.

0

Personally (and this may or may not be the "best way"):

I keep my private key on my system drive. I use full disk encryption and require a token on a USB stick for the disk to be booted.

The only other place I keep my key backed up is in a safe deposit box, where I have copies of the private key in the following formats:

  • Printed - plain text
  • Printed - QR code
  • CD-R
  • USB

I also keep copies on printed paper, CD-R, and USB of recovery keys for other products.

I have an SSD, so complete disk failure without warning is not too probable. The worst I'm out is the time getting to the bank the next business day.
