tlug.jp Mailing List Archive
- Date: Sun, 22 Jun 2008 22:02:19 +0900
- From: David Smith <davidsmith@example.com>
- Subject: Re: [tlug] Managing PGP keys on multiple machines
- References: <20080519163721.5d61f5e3@sumo> <87od70yydy.fsf@piyo.tok.corp.google.com> <20080531030447.GE5564@lucky.cynic.net>
- User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.60 (gnu/linux)
Curt Sampson <cjs@example.com> writes:

Hi Curt, hope you don't mind how late my reply is.

> David,
>
> On 2008-05-21 15:17 +0900 (Wed), David Smith wrote:
>
>> The solution you're looking for is using PGP subkeys.
>
> I've been looking at this, actually. I already use encryption subkeys,
> expiring them and generating a new one every year, to reduce exposure
> both through having less encrypted material available for analysis for
> any particular key and through having less material that can be decrypted
> should a key be compromised.
>
> I've been doing this for a while (I'm now on my fifth yearly encryption
> subkey), and the only real issue I've had is every year having to go
> around and find all the places that automated systems are encrypting
> things for me to update the keyring. (E.g., most servers that send their
> backups to Starling's central backup server encrypt the data with my
> key, amongst others.)
>
> However, it looks to me like there are more difficulties when it comes
> to using subkeys for signing. The problems section of the page you quoted:
>
> http://fortytwo.ch/gpg/subkeys
>
> doesn't make the approach look very promising for use in an open
> environment. What's the current state of these problems, and how has it
> been working out for you?

Yes, there are severe deficiencies in the system as well. It's merely
better than the other options.

Regarding your particular issue, I suggest not using your personal key in
automated systems. Would having a 'role keypair' increase your workflow too
much? I believe subkeys are a particularly bad fit to your issue because
they are designed to solve the problem of maintaining the web-of-trust in
potentially hostile environments, i.e. not losing all of the signatures on
your key whenever you want to revoke or issue a new keypair. If your job,
like backups, doesn't care about the signatures on the key, then a role
keypair sounds like a better fit.

I can describe how this works in practice in detail if you like, but I feel
that the term is pretty self-explanatory.

But about the issues raised on the page, most of the issues written there
actually have relatively decent solutions. Taking those issues in turn:

1. Distributing encryption subkeys is hard.

   This one has no real solution. For my needs, for example for my personal
   backups, I encrypt to both my ephemeral subkey and my offline private
   key. In general, encrypted emails or documents addressed to me require
   me to access my master private key, which I don't mind too much.

2. Old PGP versions and old keyservers.

   In my world, f*ck it if it's not GnuPG. And for keyservers, let's all
   use the subkeys.pgp.net ring and be done with it. Note that the Debian
   and Ubuntu keyservers also support subkeys, and I bet others do, too.

3. The user interface parts of gpg regarding subkeys suck.

   They suck, but it's manageable. A better interface would be great,
   but ...

I guess this mail isn't so positive. Sorry about that. Does anyone else
have a better system or solutions to these problems?

Cheers,
- dds

Attachment: pgpy9bBIIirrZ.pgp
Description: PGP signature
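The yearly pain point Curt describes (finding every automated system whose keyring still holds last year's encryption subkey) is easier to handle with a scheduled check than by memory. As an added example that is not part of this thread, the script below parses the machine-readable `gpg --with-colons --list-keys` output and flags encryption-capable subkeys that are expired or about to expire; the listing it runs on is a constructed sample, not a real key, and the key ids and address in it are placeholders.

```python
import subprocess
import time

# Constructed sample of `gpg --with-colons --list-keys` output (placeholder
# key ids, not real keys). Per record: field 1 is the record type, field 2
# the validity, field 5 the key id, field 6 the creation time, field 7 the
# expiry time (epoch seconds, empty if none), field 12 the capabilities.
SAMPLE_LISTING = """\
tru::1:1700000000:0:3:1:5
pub:u:4096:1:0123456789ABCDEF:1500000000:::u:::scESC::::::23::0:
fpr:::::::::0000000000000000000000000123456789ABCDEF:
uid:u::::1500000000::0000000000000000000000000000000000000000::Backup Role Key (constructed) <backup@example.com>::::::::::0:
sub:u:4096:1:FEDCBA9876543210:1700000000:1731000000:::::e::::::23:
sub:e:4096:1:1122334455667788:1600000000:1631000000:::::e::::::23:
"""


def encryption_subkey_expiry(listing, now, within_days=30):
    """Return {keyid: days_until_expiry} for each encryption-capable subkey
    ('e' in the capability field) that has expired (negative days) or
    expires within `within_days` of `now`. Subkeys with no expiry are
    skipped: there is nothing to rotate or redistribute for them."""
    flagged = {}
    for line in listing.splitlines():
        fields = line.split(":")
        if len(fields) < 12 or fields[0] != "sub":
            continue
        keyid, expiry, caps = fields[4], fields[6], fields[11]
        if "e" not in caps or not expiry:
            continue
        days_left = (int(expiry) - now) // 86400
        if days_left <= within_days:
            flagged[keyid] = days_left
    return flagged


def live_listing(recipient):
    """Fetch the real colon-format listing for one recipient; only used when
    run on a host that actually has gpg installed."""
    out = subprocess.run(["gpg", "--with-colons", "--list-keys", recipient],
                         capture_output=True, text=True, check=True)
    return out.stdout


if __name__ == "__main__":
    # Cron-friendly: print one line per subkey the backup host must replace.
    for keyid, days in encryption_subkey_expiry(SAMPLE_LISTING, int(time.time())).items():
        state = "EXPIRED" if days < 0 else f"expires in {days} days"
        print(f"encryption subkey {keyid}: {state}; update the keyring on every host that encrypts to it")
```

On a real host, replace `SAMPLE_LISTING` with `live_listing("backup@example.com")` and run it from cron some weeks ahead of each annual rotation.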
- Follow-Ups:
- Re: [tlug] Managing PGP keys on multiple machines
- From: Curt Sampson