diff options
Diffstat (limited to 'docs/_static/pgp-subkeys.html')
| -rw-r--r-- | docs/_static/pgp-subkeys.html | 236 |
1 files changed, 0 insertions, 236 deletions
diff --git a/docs/_static/pgp-subkeys.html b/docs/_static/pgp-subkeys.html deleted file mode 100644 index 2fc83b4..0000000 --- a/docs/_static/pgp-subkeys.html +++ /dev/null @@ -1,236 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<html><head><title>Using multiple subkeys in GPG</title></head><body style="background-color: white;"> -<div>[ <a href="http://fortytwo.ch/">main gpg page</a> ] -<hr> -<h1>Using multiple subkeys in GPG</h1> -<hr> -<h2>Motivation</h2> -<p> -For a time, I've had two different gpg keys - one at home on my presumably -secure machine, one at the office, with NFS mounted home directory and -quite a few people having accounts everywhere. This worked, but the problem -is that when exchanging key signatures I always had to beg people to sign -both my keys. -</p> -<p> -With gpg and the possibility of having multiple subkeys, I can now have -only one key, but still retain the security feature that I don't have to -revoke my primary key (and lose all signatures on it) if the key at the -office is compromised. -</p> -<p> -<b>NOTE:</b> Most of the following can apply to both signing and encrypting -subkeys. Encryption subkeys can not be used to solve the multiple accounts -problem, though, please see the <a href="#problems">Problems</a> section -further down. Also, note that I don't use multiple encryption subkeys, so I -don't know if there are additional problems with them. -</p> -<p> -The following is based on <b>gnupg 1.2.1</b>. It should all work with newer -versions, too. Older versions do not support everything and have some -additional problems. As I really do recommend you use a recent gpg version, I -have omitted anything related to older gpg versions. -</p> -<h2>Basics</h2> -<p> -Generate a normal key pair, or use an existing key. Usually this will be a -DSA/ElGamal key (this is what I use), but using RSA or other keys is -equally possible. Be sure to do this on a 'really secure' machine. -</p> -<p> -Then "<tt>gpg __edit <i>keyid</i></tt>" the key and add a further subkey -using "<tt>addkey</tt>". "<tt>save</tt>" will store the new subkey on the -keyring. You'll want to save the whole key (secret and public) with -"<tt>gpg __export <i>keyid</i> > pubkey</tt>" and "<tt>gpg -__export-secret-key <i>keyid</i> > seckey</tt>". Best copy those files -onto an offline storage, too. (A basic working knowledge of how to use a -command line and how to deal with files is assumed. Also, you should know -a bit how key handling in gpg works. If you can't see what the above commands -do, you better do <a href="http://www.gnupg.org/gph/en/manual.html">some -reading</a> before continuing here). -</p> -<p> -Now you should also <b>back up your keyrings</b>, as the following has to -work on a keyring to work around some missing or broken gpg features. -</p> -<p> -As you probably will only take one of the subkeys to your not-so-secure -location, "<tt>gpg __edit <i>keyid</i></tt> and delete the subkeys you -don't want to expose (mark them with "<tt>key <i>n</i></tt>" and then delete -them with "<tt>delkey</tt>"). -</p> -<p> -"<tt>gpg __export-secret-subkeys <i>keyid</i> > crippled.seckey</tt>" -will then export the remaining subkeys, without the keymaterial of the -primary key. -</p> -<p> -Now, you can restore the keyrings (secret <em>and</em> public, since -deleting the subkeys has also deleted the public subkeys!), and your secure -machine is ready to use. Perhaps you don't want to use your 'insecure' -subkey on your secure machine - again, "<tt>gpg __edit <i>keyid</i></tt>", -"<tt>key <i>n</i></tt>" and "<tt>delkey</tt>" takes care of this; again, it -is necessary to re-import the public key. -</p> -<p> -On your 'insecure' machine, you do "<tt>gpg __import pubkey -crippled.seckey</tt>" (the same files you've generated above), now you're ready -to use gpg on the 'insecure' machine. To verify that you really don't have any -secret keys you don't want, have a look at the output of "<tt>gpg -__list-secret-keys</tt>": all primary secret key where the key material is not -present are marked with '#'. -</p> -<pre> -$ gpg __list-secret-key testuser -sec<b>#</b> 1024D/971B7A70 2003-01-03 testuser <testuser@mydomain.foo> -ssb 1024g/ACDF80C4 2003-01-03 -ssb 1024R/BE9CA308 2003-01-07 -</pre> -<p> -Of course, you'll have to publish your new public key, so people can -verify your signatures and send you encrypted mail. Read the <a -href="#problems">Problems</a> section for a few comments about this. -</p> -<h2>Effects</h2> -<p> -Keys are always signed with your primary key, so you (or any attacker) won't be -able to sign other keys with the key on the 'insecure' machine. This is why we -started doing all this acrobatics after all. </p> -<p> -You will always be able to revoke a subkey (just "<tt>gpg __edit -<i>keyid</i></tt>", "<tt>key <i>n</i></tt>" and "<tt>revkey</tt>") when you -have the primary secret key available, even if you lose your secret subkey. -Meaning: you may use a secret subkey at an office location, and it is not -strictly necessary to back it up on a secure location (It's still a good idea, -though). The reason for this is that a revocation is really a signature on the -subkey - and this signature is done with the primary key. Of course, this means -that you can't revoke a subkey when you don't have the primary secret key. -</p> -<p> -If you're signing documents, gpg will always try to use a subkey if one -is available, and announce this with a message like "<tt>1024-bit DSA key, ID -E5A7F7D6, created 2002-08-22 (main key ID 92082481)</tt>" . Verifying such -signatures used to cause a similar message, but at least with gpg 1.2.3 no -indication is given that the signature was made with a subkey. If you want to -use a specific subkey (or the primary key), you have to specify it with the -"<tt><i>keyid</i>!</tt>" syntax. I don't remember what happens if more than one -signing subkey is available; I'm sure you can find details on this somewhere in -the <a href="http://www.gnupg.org/documentation/mailing-lists.html">gnupg -mailing list archives</a>. -</p> -<h2><a name="problems">Problems</a></h2> -<p> -The above approach has several problems that may lead to you not doing -things like this. <b>These are not just possible problems. These are real, -and <em>will</em> affect you! You have been warned.</b> -</p> -<p> -First, distributing secret subkeys this way (one subkey for each -account/machine you use) only makes sense with signing subkeys. You can have -multiple encryption subkeys, but you can't force people sending you encrypted -mail using a specific subkey. Naturally, if you're using encryption for -yourself, you can chose the encryption key to use with the -"<tt><i>keyid</i>!</tt>" syntax. The presence of multiple encryption subkeys -is, however, useful if you revoke an older one to replace it with a new one. -</p> -<p> -Old PGP versions apparently can't cope with such keys. I didn't verify this -myself, but people on the gnupg-users mailing list said that current PGP -versions (up to 7.x) can not verify signatures from a subkey. With PGP 8 the -situation is a bit more complicated: PGP 8 can verify subkey signatures, but -has still problems with multiple subkeys: a key with a signing subkey that is -newer than the encryption subkey cannot be used for encryption in PGP 8. A key -where the encryption subkey is newer than the signing subkey can be used for -encryption. So, when you create your key, generate it as 'signing only' key -first, then generate all the signing subkeys you need, and in the end generate -the encryption subkey. (Thanks to David Shaw for this info). -</p> -<p> -Most keyservers can not handle keys with multiple subkeys. Some of them even -make these keys unusable. This should get better soon, as JHarris has written a -patch for the pks keyserver, and keyservers with other software that handles -this are deployed more widely. The keyservers that can handle multiple subkeys -are summarized as <tt>subkeys.pgp.net</tt>. -GnuPG 1.2 added code to recover somewhat when a broken key is retrieved - one -of the subkeys is useable (the others can't be used, as the signature binding -the subkey to the primary is lost). -</p> -<p> -Besides corrupting keys with multiple subkeys, all of these old keyservers -will also only search keys based on the primary key id - so, automatic key -retrieval on signature verification will not work, too. Yet another -reason to oonly use the subkeys.pgp.net keyservers. -</p> -<p> -Finally, keyhandling is not comfortable with such keys - the user interface of -gpg could be better. The following is valid for gpg 1.2.1, some things may be -fixed in newer versions.: -</p> -<ul> -<li> -"<tt>gpg __import <i>secret key</i></tt>" does not merge the keys properly. -If a secret key is already present, additional secret subkeys are not -imported. Also, a dummy primary key is not replaced by the real subkey on -import. Workaround is to shuffle around the keyrings, or do -"<tt>__export</tt>"s at all stages and use "<tt>__delete-secret-key</tt>" -often. (People with masochistic inclination may probably also use -combinations of <tt>gpgsplit</tt>, <tt>cat</tt> and "<tt>gpg __export</tt>" -and "<tt>__import</tt>. I've not tried this.) -</li> -<li> -"<tt>gpg __export-secret-key <i>keyid</i>!</tt>" and <tt>gpg -__export-secret-subkeys <i>keyid</i>!</tt>" should really only export the -named subkey (or the primary stripped of all subkeys). Much keyring shuffling -could be avoided. (<b>2003-02-12:</b>David Shaw added this to the development -branch of the gpg code. Great!) -</li> -</ul> -<h2>Links</h2> -<p> -Some additional reading that might be interesting: -</p> -<ul> -<li> -The <a href="http://www.ietf.org/rfc/rfc2440.txt">rfc2440</a>, specifying -the OpenPGP key format. -</li> -<li> -The <a href="http://www.gnupg.org/gph/en/manual.html">GNU Privacy Handbook</a> -is a fairly complete manual to gpg. -</li> -<li> -The <a -href="http://lists.gnupg.org/pipermail/gnupg-users/2002-August/014721.html">using -various subkeys</a> thread on the gnupg-users mailing list, where most of these -issues were discussed. -</li> -<li> -The <a -href="http://lists.gnupg.org/pipermail/gnupg-devel/2002-September/007700.html">using -subkey signatures</a> thread on gnupg-devel where I asked about the auto key -retrieval problem. -</li> -<li> -Other <a href="http://atom.smasher.org/gpg/">tutorials</a> on advanced black -magic with keys by Atom Smasher, dealing with what you can do with subkeys. -</li> -</ul> -<h2>Acknowledgments</h2> -<p> -Of course, thanks to the gnupg crew for the cool software, and especially to -Werner Koch and David Shaw for replying to my initial questions about this. And -to Jason Harris for fixing pks to accept keys with multiple subkeys, I hope -this patch spreads really fast as soon as it is officially out. -</p> -<p> -</p> -</div> -<hr> -<div style="font-size: x-small;"> -©2002-2004 <a href="mailto:avbidder+gpg@fortytwo.ch">Adrian von Bidder</a> -- Permission to redistribute and/or modify this document is granted if (i) the -original author (Adrian von Bidder, Switzerland) is acknowledged and (ii) the -document remains freely available for distribution and modification. -</div> - -</body></html> |