Would it be a bastardisation of gpg if...


Leif Andersen

Nov 23, 2010, 7:42:16 PM
to uf...@googlegroups.com
Thanks in a large part to Allen's persistence, I've got email signing
(and in some cases encryption, although that's almost non-existent as I
have so few people's public keys). Anyway, one thing that has been
bothering me for a while though is sending email on the go. In Android,
the (closed source) gmail app doesn't support pgp signing, and the built
in (open source, I think) email app doesn't either. However, k-9 does,
at least when you install apg (which I think uses bouncy castle, don't
ask me why Android doesn't have it built into the OS as it actually uses
a version of bouncy castle).

Anyway, more to the point. As I don't really trust that device as much
as I would my computer for example (I leave it open for people to pick
up etc. etc.), I don't want to store my desktop key on it, in fact, I
don't even want a long lasting (5-10 year) key on it, and would rather
have a key expire every year, or possibly every half a year.

However, I don't want any extra work on the other end, which is to say
that people who have my current public key, wouldn't have to get a new
one every 6 months to a year (obviously that would get annoying, and I
for one certainly wouldn't do it for everyone I correspond with).

So, I was thinking of creating another key, only for mobile email, that
way I can sign it. Then I could sign that key with my main key. Then
uploading it to a public keyserver, and finally signing email I send
with it. That way if anyone ever did want to check the validity of the
key they could always just check it with the keyserver.

This idea still has drawbacks though. Whoever did want to check it
would still have to get the latest key every year or so, but at
least they would know it's me without having to meet me in person, etc. etc.

But does anyone have any better ideas? (Or am I just being too paranoid?)
--
~Leif Andersen


Michael Holley

Nov 23, 2010, 10:10:55 PM
to uf...@googlegroups.com
You're being too paranoid.


----
Michael Holley
PGP: 393154FF





Michael Holley

Nov 23, 2010, 10:11:21 PM
to uf...@googlegroups.com
Okay my last reply was me just being silly.

I've often thought of that, but if you expire your keys too often then you never have a strong PGP identity. For example: You recently created a key, went to a party, and now it has 15 signatures. In the PGP world, that means 15 people trust that you are you. So if I were to receive an email from you with 15 sigs on the key I would have a higher chance of trusting it came from you.

Now if you cycle your key every 6 months, then your key will always just have one signature, yours, and eventually the connection will get too weak, kind of like a photocopy of a photocopy. So in 2 years if you send me an email I see that it is signed by two people, both being yourself. If I trace it I have to go through 5 keys before I see anyone who is trusted, and that looks odd and nefarious.

So what you should do is not create multiple keys, but have one with a revocation certificate. What that would mean is if your key is compromised, all you have to do is sync your revocation certificate to a key server and now it's revoked and everyone can see that. The only reason I would have an expiration date on a key is if the material I'm encrypting is so sensitive that someone caught the encrypted data and is waiting for computers to get powerful enough to crack it later.

So what I do is make my key 4096 bits, super strong, so by the time computers are strong enough to crack it, the data the bad guys captured won't have value any longer. And when that day comes, I'll generate a key with 8192 bits and then sign it with my 4096 key before revoking it.

I use K-9 on my Android phone and I don't mind using my current key on it. The only concern I have is my private key lives on the phone, and if it is stolen, then someone can copy it off and then impersonate me. I haven't figured out a solution for that yet.

Allen Lowe

Nov 25, 2010, 12:31:17 AM
to uf...@googlegroups.com
Actually, they couldn't, because they can't unlock your private key without your password!

Leif Andersen

Nov 25, 2010, 12:37:51 AM
to uf...@googlegroups.com
Ah, okay, thanks...let me clarify a bit.

I wasn't going to sign the new key with the old key I was using (that
would be really silly), but rather, with the desktop key. (So in other
words, one level of 'photocopy'). Whenever that key would expire, I
would simply sign the new one with the desktop key. (Perhaps I worded
that poorly in my original email).

Either way, I now agree that it's a much better idea to simply have one
mobile, and one desktop key, the mobile one being revocable.

On the other hand, Allen was saying that they wouldn't be able to get my
key without my password. If that's the case (and they actually got good
symmetric encryption based on that password), I would be a little more
comfortable leaving my private key in my phone. On the other hand, I
don't know how apg stores keys, so I'll have to check it out.

(P.S. Your first email had a signature verification failure, although
your second one passed, so I'm going to assume that something went wrong in
the technology, as your second email implies you also wrote the first).

~Leif Andersen


Michael Holley

Nov 25, 2010, 11:16:41 AM
to uf...@googlegroups.com
I was thinking of having a "master" key that I take to key parties and it lives on my desktop, and that one never expires. Then I create temp keys that I sign with the "master" key to verify it, so one level of photocopies over and over again. But what is the point of all that work? What do you gain by doing that? I don't much care for all that extra work, so I use the same key on my desktop and my phone. I personally think the best mobile solution is you store your key on a server you control, and stream the key via SSL to your phone on demand.

Either way, you need revocation certs for any key, on your phone or your desktop. On some of the sites I've read, they encourage you to print your revocation cert and store it. So if needs be, you can OCR it back and revoke your cert if something happens to your computer. I think that is over the top, but the PGP people are a paranoid bunch.

AGP has a folder called AGP on the phone where it stores the keys.

It's true that to do anything with the key they would need to know your pass phrase, and as long as it is strong you are safe for the most part. I wouldn't be surprised if the government could crack it if they had both halves without your pass phrase, but maybe I'm giving them more credit than they deserve.

As for why my cert didn't verify, it is because I sent the email via an email address that isn't listed on my key, my bad.

Leif Andersen

Nov 25, 2010, 1:10:58 PM
to uf...@googlegroups.com
I didn't think to print out the revocation key, that sounds like a good
idea though.

As for the pass phrase, there are other fundamental flaws with how
asymmetric keys work that would make me more paranoid than hoping the
government doesn't have the capability of determining the key from the
encrypted one stored on the disk. (Which is to say that the entire
thing relies on not being able to find the prime factorisation of
incredibly large numbers, which I'm told will be possible to do in the
near future with new types of computers).

Ah, I guess that explains it. I had actually thought of it, but
thunderbird was saying that they both came from your gmail address,
although the cert said it came from michael at innerthought.us.

~Leif Andersen
