
List:       gnupg-users
Subject:    Re: Best practice to use several smartcards for a single key?
From:       "m.fernandes.business via Gnupg-users" <gnupg-users@gnupg.org>
Date:       2020-12-14 12:37:11
Message-ID: CANJMFk98gpAfqQjCqwhQvK6jvRvhQTugyhRcYRHtoqUV97dNRg@mail.gmail.com


> 
> Date: Sun, 13 Dec 2020 21:22:44 +0000
> From: Andrew Gallagher <andrewg@andrewg.com>
> Message-ID: <9AE37DA2-0E50-46CD-8F16-05C4D55B3BDF@andrewg.com>
> 
> 
> > On 13 Dec 2020, at 11:08, Nicolas Boullis <nicolas.boullis@ecp.fr>
> wrote:
> > 
> > My idea was that there was little chance that a smartcard fails (Werner
> > Koch told me that the failure I experienced was exceptional) and if it
> > does I can set up a new encryption key and, using the second smartcard,
> > decrypt all the files that were encrypted for the old key and re-encrypt
> > them for the new key.
> 
> How are you going to decrypt the old files if your old smartcard is
> already dead? If you don't want to lose all access to your encrypted files,
> you *must* keep a backup of your encryption key material at the very least.
> There is no recovering from a deleted encryption private key.
> 
> I keep my key material on a Tails encrypted partition in a safe place.
> Alternatively you could keep a paper backup in a safe place. But there's no
> getting around having some form of backup. What amounts to a "safe place"
> depends on your threat model of course...
> 
> A
> 
> 
Don't know whether you've considered USB security tokens, but you might
find them less likely to 'die' than smartcards. Once you put your private
key in one of the Nitrokey security-token products, it's supposed to be
impossible to extract the key (not sure whether the same is *as much* true
with the smartcards you are considering).

I agree with Nicolas Boullis that using duplicate smartcards (or USB
security tokens) might be preferred for back-up purposes. If on the other
hand you want to back up your private key in the more conventional way
suggested by Andrew Gallagher, and you are worried about adversaries
gaining access to your backup, you might want to do something like
splitting the key into several parts, and then backing up each of the parts
with a different friend/colleague, perhaps each of whom is located very far
away from the others: see Shamir's Secret Sharing
<https://en.wikibooks.org/wiki/End-user_Computer_Security/Main_content/Passwords_and_digital_keys#Shamir's_Secret_Sharing>.


Kind regards,


Mark Fernandes
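The Shamir's Secret Sharing split Mark points to, as an added example (not code from the original post, from GnuPG, or from Nitrokey): a k-of-n splitter over GF(2^8) that could be run over an exported secret-key file before the pieces go to separate friends. It assumes Python 3.9+ (for the list[...] annotations) and that the x coordinate 1..n is stored alongside each share.

```python
import functools, operator, secrets

# Shamir's Secret Sharing over GF(2^8) with the AES reduction polynomial x^8+x^4+x^3+x+1.
def gf_mul(a: int, b: int) -> int:
    p = 0
    while b:
        p ^= a if b & 1 else 0
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return p

def gf_inv(a: int) -> int:  # a^254 == a^-1 in GF(2^8); callers never pass 0
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def split_secret(secret: bytes, k: int, n: int) -> list[tuple[int, bytes]]:
    # n shares with x = 1..n; any k of them reconstruct `secret`, any k-1 reveal nothing.
    if not 1 < k <= n < 256:
        raise ValueError("need 2 <= k <= n <= 255")
    shares = [(x, bytearray()) for x in range(1, n + 1)]
    for byte in secret:
        # Random degree-(k-1) polynomial whose constant term is this secret byte.
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(k - 1)]
        for x, buf in shares:
            y, xpow = 0, 1
            for c in coeffs:
                y ^= gf_mul(c, xpow)
                xpow = gf_mul(xpow, x)
            buf.append(y)
    return [(x, bytes(buf)) for x, buf in shares]

def recover_secret(shares: list[tuple[int, bytes]]) -> bytes:
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs) or 0 in xs:
        raise ValueError("shares must have distinct non-zero x coordinates")
    # Lagrange basis weights at x = 0 depend only on the x coordinates: compute them once.
    weights = []
    for xj in xs:
        num = den = 1
        for xm in xs:
            if xm != xj:
                num = gf_mul(num, xm)       # (0 - x_m) == x_m in characteristic 2
                den = gf_mul(den, xj ^ xm)  # (x_j - x_m)
        weights.append(gf_mul(num, gf_inv(den)))
    out = bytearray()
    for column in zip(*(y for _, y in shares)):  # the i-th byte of every share
        out.append(functools.reduce(operator.xor, map(gf_mul, weights, column)))
    return bytes(out)
```

Any k shares, in any order, reconstruct the input; fewer than k give a value indistinguishable from random, so k is the number of friends an adversary would have to compromise at once.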


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users