Secure key management ?

Dear Lazyweb

Now it is my turn to ask you for help. How do you manage your private keys (ssh, gpg, ...) securely when on the move with a laptop?

Storing the keys in your home directory makes them vulnerable if you lose your laptop or it gets stolen.
Storing your keys on a USB stick has the same problem if the stick gets stolen.

An idea could be to store half of the key on a USB stick and the other half on your laptop.
Another idea could be to encrypt the private keys on the laptop with another key stored on a USB stick (or the other way around).

Other ideas? And is there already some well-thought-out software written to do this?
Or is the best advice just to keep your USB stick really, really close and hope for the best?

/Sune
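One way to realise the split-key idea above, as an added example that is not part of the original post: a k-of-n Shamir split over GF(2^8), the same construction that the libgfshare tool mentioned in the comments implements (this code is not libgfshare and its share format is not compatible with it). Unlike storing the literal first and second halves of a key file, where whoever steals the laptop learns half of the key bits, a single Shamir share reveals nothing about the key, and recombining fewer than k shares yields unrelated bytes rather than a partial key. The function names, the choice of reducing polynomial 0x11b, and the sample key bytes are assumptions of this example.

```python
"""Threshold splitting of a private key file with Shamir secret sharing over GF(2^8).

Added example: split a key into n shares so that any k of them recover it and
fewer than k give no information. Shares can then live on the laptop and a USB
stick (2-of-2), or on laptop, stick and a backup medium (2-of-3).
"""
import secrets


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11b, the AES field)."""
    product = 0
    while b:
        if b & 1:
            product ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return product


def gf_pow(a: int, e: int) -> int:
    """Exponentiation by squaring in GF(2^8)."""
    result = 1
    while e:
        if e & 1:
            result = gf_mul(result, a)
        a = gf_mul(a, a)
        e >>= 1
    return result


def gf_inv(a: int) -> int:
    """Multiplicative inverse: a^(2^8 - 2) = a^-1 for non-zero a."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    return gf_pow(a, 254)


def split_secret(secret: bytes, threshold: int, n_shares: int) -> list[tuple[int, bytes]]:
    """Return n_shares tuples (x, y_bytes); any `threshold` of them reconstruct `secret`.

    Each secret byte becomes the constant term of a random polynomial of degree
    threshold-1; share x holds that polynomial evaluated at x, byte by byte.
    """
    if not 1 < threshold <= n_shares <= 255:
        raise ValueError("need 1 < threshold <= n_shares <= 255")
    # One random polynomial per secret byte: [secret_byte, c1, ..., c_{t-1}]
    polys = [[byte] + [secrets.randbelow(256) for _ in range(threshold - 1)] for byte in secret]
    shares = []
    for x in range(1, n_shares + 1):  # x = 0 is reserved: it would leak the secret itself
        ys = bytearray()
        for coeffs in polys:
            value = coeffs[-1]
            for c in reversed(coeffs[:-1]):  # Horner evaluation at x
                value = gf_mul(value, x) ^ c
            ys.append(value)
        shares.append((x, bytes(ys)))
    return shares


def combine_shares(shares: list[tuple[int, bytes]]) -> bytes:
    """Lagrange-interpolate every byte position at x = 0.

    Note the failure mode: with fewer shares than the threshold this still
    returns bytes, but they are unrelated to the secret, so callers must
    validate the result (e.g. try to parse the recovered key) rather than
    trust it blindly.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs) or 0 in xs:
        raise ValueError("share x-coordinates must be distinct and non-zero")
    length = len(shares[0][1])
    if any(len(y) != length for _, y in shares):
        raise ValueError("shares have different lengths")
    out = bytearray()
    for i in range(length):
        acc = 0
        for j, (xj, yj) in enumerate(shares):
            num, den = 1, 1
            for m, (xm, _) in enumerate(shares):
                if m != j:
                    num = gf_mul(num, xm)        # (0 - x_m) == x_m in characteristic 2
                    den = gf_mul(den, xj ^ xm)   # (x_j - x_m) == x_j XOR x_m
            acc ^= gf_mul(yj[i], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: stands in for the bytes of a private key file.
    key = b"-----BEGIN CONSTRUCTED SAMPLE KEY----- not a real key"
    laptop_share, usb_share = split_secret(key, 2, 2)
    print("laptop share alone recovers key?", combine_shares([laptop_share]) == key)
    print("both shares recover key?", combine_shares([laptop_share, usb_share]) == key)
```

In a 2-of-2 deployment the USB share and the laptop share are each useless on their own, which is exactly the property the literal "half on each" scheme lacks; a 2-of-3 split with the third share in a safe place additionally survives the loss of either device.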

Posted in english
7 comments on “Secure key management ?”
  1. Anonymous says:

    The same way you protect your laptop: never let it out of your sight.

    That said, you should also:

    * Have a long passphrase for your GPG key; use gnupg-agent to remember it so you don’t feel tempted to make it shorter due to frequent typing.

    * Keep a backed-up GPG key revocation certificate. I keep one printed in a locked file cabinet.

    * Have one SSH key for each of your client machines. Have a plan to remove the laptop SSH key from all machines it currently has to log into.

    * Possibly have one GPG key for each of your client machines, and sign them with each other.

  2. Jussi Kukkonen says:

    The half-a-key solution works, and I believe I’ve seen some software for it… But if you happen to have a smart card reader in the laptop or you’re ready to buy a usb device (the weight is insignificant, but volume might not be), I’d say that is the best solution. I joined fsfe mostly because of the card they give, and I have to say it’s pretty neat.

    In a way the card solution is the easiest one too: The card has a self destruct mechanism that locks the card after 3 unsuccessful pin code entries, so the pin doesn’t have to be as long as a passphrase.

    Put authentication/signing/encryption subkeys on the card and even losing the card isn’t a big deal — just revoke the subkeys and create new ones for a new card.

  3. My simple solution is to have my complete home directory encrypted. Linux has really nice support for this, and using the PAM mount module, encryption/decryption can be done transparently to you.

  4. Soren Hansen says:

    This is what you want: http://www.digital-scurf.org/software/libgfshare

    I’ve made a desktop-daemon kind of thing for it that I need to release real soon now. It notices when you plug in your usb stick and automatically assembles your gpg key and removes it again when you yank out the usb stick.
    Until I get around to releasing it, there are command line utils in the package.

  5. nion says:

    I heard encrypted FS + backup should work ;-P

  6. Jon says:

    Are any of the encrypted FS solutions actually stronger than the encryption used when you passphrase-protect your key?

  7. Hi,
    My laptop’s HD is encrypted, and the keys are secured with another passphrase.
    I have backup copies on encrypted USB drives. The drives are protected with long passphrases (15-40 characters usually; I literally use passphrases. Especially for backup hard disks which you only access every once in a while, that works very well.), my SSH key has a shorter password of around 12 characters.

    This still leaves some attack vectors open:
    – ‘visual eavesdropping’ when entering the passphrase
    – ‘bootloader hacking’: when the laptop is unattended, someone could replace the initrd system with one that logs and stores the passphrase
    – bad software coming in via Debian (think of a clock applet modified so it tries to log passwords)
    – vulnerabilities in login/gnome-screensaver/xscreensaver, root escalation, retrieving the encryption key from the running system
    – there are probably more I haven’t thought of, and variants of the above AV.

    The first two could probably be lessened by using a USB or smartcard token additionally, or to store the bootloader. Bootloader hacking could also probably be prevented by using TPM.

1 Pings/Trackbacks for "Secure key management ?"
  1. […] Sune Vuorela asks about how to secure important data such as GPG keys on laptops. […]
