[kwlug-disc] Generating and using PGP keys

Chris Frey cdfrey at foursquare.net
Thu Feb 19 18:57:37 EST 2009


On Thu, Feb 19, 2009 at 05:25:13PM -0500, Kyle Spaans wrote:
> I have many similar questions, and would be willing to participate in
> a Key-Signing-Party at a future meeting.
> 
> My questions revolve more around "I don't send mail from my personal
> computer, but from a remote one I'm connected to via SSH, what do I do?"
> But it sounds like subkeys might answer this question.

I think that might be a slightly dangerous way of looking at GPG security.
The only value of using a subkey is that you don't have to run around
and get people to sign your new key every time your old one is compromised.

But the ideal is to avoid having your key compromised in the first place.
And my rule for that is:

	Never type your passphrase on a computer you don't trust.  

This introduces a number of usage restrictions, and often means you
can't read your email until you get to your trusted machine.

In my case, I have the same problem as yours.  I do all my email from
my ISP's server, but I don't trust that machine to hold my private keys.

My solution has been to use ssh port forwarding and replace the usual
GPG mutt commands with my own shell scripts.  These scripts send email
through the forwarded ports so that all actual gpg commands (and therefore
all passphrase typing) are done on my local machine.  Only the encrypted
or signed data exists on the server, not the keys.

For the average user, I'm quick to acknowledge that this is entirely less
than ideal, but then, the average user doesn't use ssh and mutt to do email
on a remote server. :-)

The average user will either use Thunderbird (for which there is GPG support,
I believe), or Gmail (where you can use the FireGPG plugin in Firefox).
Both of these solutions keep your private key on your own machine where it
belongs.

I would also not recommend keeping your private keys on a machine where you
test a lot of new and potentially untrusted software, such as a development
machine.  But of course, this needs to be balanced against the actual
benefit of using GPG, and I've found that if you worry too much about
being theoretically secure, you may never take the leap into better
practical security.

GPG does a pretty good job of protecting the user from himself, so there's
little harm in jumping in and just giving it a try.  The user is still the
weakest link in security, but don't be like me and let that stop you from
trying for so many years. :-)

In some cases, perfect is the enemy of good, and improvement can only happen
incrementally.

- Chris
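
The arrangement described in the message above (gpg runs only on the local machine, the server passes message data through an ssh-forwarded port), as an added example that is not Chris Frey's own scripts. Port 9999, the `OP LEN` request framing and all function names are assumptions.

```shell
#!/usr/bin/env bash
# Added sketch, not the author's scripts. Port 9999, the "OP LEN" request
# framing and every function name here are assumptions.
GPG=${GPG:-gpg}
PORT=${PORT:-9999}

# LOCAL (trusted) side: serve one request from stdin, write the result to
# stdout. Run once per connection by a listener bound to 127.0.0.1, which the
# server reaches through:  ssh -R 9999:127.0.0.1:9999 user@server
handle_request() {
    IFS=' ' read -r op len || return 2
    case $len in
        ''|*[!0-9]*) echo "bad length" >&2; return 2 ;;
    esac
    # The server is untrusted: map a fixed set of operation names to fixed
    # gpg arguments, and never copy anything from the wire onto the command line.
    case $op in
        clearsign) set -- --clearsign ;;
        detach)    set -- --armor --detach-sign ;;
        decrypt)   set -- --decrypt ;;
        *) echo "refused operation" >&2; return 3 ;;
    esac
    head -c "$len" | "$GPG" "$@"    # exactly LEN bytes of message go to gpg
}

# REMOTE (untrusted) side: called in place of gpg with the message on stdin.
# Needs bash for /dev/tcp. Only message data crosses the tunnel, never keys
# or the passphrase.
remote_request() {    # usage: remote_request clearsign < message
    tmp=$(mktemp) || return 1
    cat > "$tmp"
    exec 3<>"/dev/tcp/127.0.0.1/$PORT" || return 1
    printf '%s %s\n' "$1" "$(( $(wc -c < "$tmp") ))" >&3
    cat "$tmp" >&3
    cat <&3           # gpg output, read until the local side closes
    exec 3>&-
    rm -f "$tmp"
}

case ${1:-} in
    serve) handle_request ;;
    send)  remote_request "$2" ;;
esac
```

Any account on the server can connect to the forwarded port, so the handler will sign or decrypt for whoever reaches it while the tunnel is up and the passphrase is cached. Keep gpg-agent caching short or off and bring the tunnel up only while reading mail.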
