How and where to store your private PGP key


#1

I have a concrete problem I am struggling to find a solution to.

I don't know how to store my private PGP key. Where can I find it on my OS X machine, how can I transfer it to a portable external tool and use it when I need it in the most practical way, without having to use the command line? Do I need to buy a smart card or a Yubikey, how do I do it in practice, etc.?

Today, it is only stored on my machine - and that is not good enough in my opinion.

Thunderbird+Enigmail+Torbirdy

Looking forward to your eventual advice about this..


#2

Hey @Reporter. If you're using Thunderbird + Enigmail, I assume you've got GPG tools all set up. You can export your keys within your GPG keychain. You can do that by opening your GPG keychain, clicking on your name, and clicking export at the top. If you want, you can export the private key in the file as well. Obviously you want to be careful where you put the private key.

To your other question, you can definitely use PGP with a yubikey. Takes a little effort to set up, but it will probably make your life easier down the road. Here's a pretty good primer on how to do that.

Mind if I ask why you're concerned about storing it on your machine? (It's probably better operational security to minimize the number of places you store it.)


#3

Thanks a lot, will try..


#4

Why: Well, I've heard that it is more secure to have it on an external device; it is also for being able to use the same key on other devices. But maybe it's not a good idea..


#5

OS X + Thunderbird + Enigmail

If your private key or key pair is on your computer, you should encrypt it, since there are malware programs that only look for:

------BEGIN PRIVATE KEY------

and then copy that text below, which makes your whole PGP scheme worthless b/c someone else can decrypt your comms. You can use a program like TrueCrypt or VeraCrypt, and store the passphrase on a local password manager. If you like, you can also use a key file for these encryption programs instead, which might allow you to strike a balance. You could have your private key on your computer, but it would not be accessible without the key file, which could be kept separate.


#6

I will try to approach this from a pragmatic POV.

  1. Just use a YubiKey
  2. Try to avoid PGP for more secure protocols instead (e.g. Signal, WhatsApp)

Stressing about how to protect and set up a working PGP environment is mostly a waste of time, in my opinion. All those detailed PGP guides with their dozens of arcane command line minutiae and strict rules about where to put which sub key or what type in which safe... meh. Either your laptop will be compromised by malware, or it won't be. If it is compromised, then if the key is on the laptop then it will be stolen. If it is not compromised, then it doesn't really matter because PGP is safe enough on the wire (generally speaking).

So use a YubiKey. This will protect your key even if your laptop is compromised by malware. Use one of those guides to figure out how to set up and use the YubiKey, but don't stress about it too much. The main annoying thing with the YubiKey is that they tend to go missing, in which case you'll lose access to all your emails. If that is a problem (and it is damn annoying), then you'll need to figure out something else. For example just living with your PGP key on your laptop.

That brings me to my second point. In general, a laptop is significantly less secure than an iOS device. Even a Nexus Android device (kept patched) is more secure than a laptop. PGP is a horrible protocol for message exchange, requiring far too much heavy lifting from the user. Wherever possible, try to use modern chat applications based on the Signal Protocol. This will give you a much higher level of security (generally speaking) with far fewer error cases than using PGP.

Remember that the more copies of the key you have, on more devices, the more likely you are to lose that key (have it compromised). Simple matter of the law of large numbers... PGP fails catastrophically when a key is lost -- all existing encrypted messages can be decrypted. This is why it is better to not use PGP and use a better security protocol if at all possible (see: Signal, WhatsApp, Threema, Wire, even Telegram).

Again, just use a YubiKey and try to use Signal/WhatsApp whenever possible.


#7

Thanks a lot for great advice, I was not aware of this. I realize that it adds another layer of complexity to the already complex PGP ecosystem..


#8

Thanks a lot for very interesting advice. The problem with Yubikey is that it is far too complicated to handle for non-technical users, unless they get configuration help. Following the "how to" guides, for example on how to transfer your private key to Yubikey, seems almost impossible. Replacing the PGP-email needs with encrypted chat apps when possible seems like a good idea for both less-technical reporters and their sources, who usually don't have a clue about any of this stuff (unless they are hackers and security professionals).


#9

It does. I'm inclined to side with the Grugq on this one, that forward-secure systems, like Signal, OTR, and WhatsApp, are better in the long run than PGP is. I added OTR b/c I think it's got potential, but there are serious problems with the chat clients, if not with the encryption itself. I think it has good potential though.


#10

PGP is such a usability disaster that I've accidentally sent an unencrypted email with it. Email is also the first target for phishers, hackers, and law enforcement. While I do use PGP from time to time, my honest recommendation is: do not use email for anything that would require security, if you can avoid it. Unless, perhaps, Google is not a threat and both ends use Gmail with 2-step logins. And even then beware the fact that everything is archived.


#11

The good news about what he's saying is that he's liberating you from caring about all PGP nerdery. No subkeys, no weird commands. Just do the simplest thing with PGP that can possibly work. Basically, there are two reasonably safe things to do with PGP:

  • Use it in "conventional" mode, with -c or whatever, to encrypt individual files on your own computer, so they're secure when you're not using them. You do this because individual file encryption is much safer than full disk encryption.

  • Use it for messages with personal PGP keys you change very regularly. Don't try to do lots of work on different projects with a single key. Apply PGP topically, as needed. Your PGP application will encrypt your keys for you. It's not great, but it's the best you're going to do on a laptop.

Even though full disk encryption sucks, you should make sure full disk encryption is enabled on your laptop, so that you must enter a password when it wakes from sleep.

When you archive old messages, do it to an encrypted backup, and back up and delete your old PGP keys at the same time.


#12

Simply trying to avoid e-mail altogether is an interesting approach and it makes sense. What about Mailvelope? Is that an option to consider when using Gmail, that simplifies PGP use for non-technical users, or is it somehow insecure by design?


#13

If Mailvelope works for you and your users, go for it. I know of no reason to suspect it has security issues -- beyond the issues with GPG email in general, which can be a real problem. Mailvelope + Gmail might be a good option. It all depends on your users and your threats. Who wants to know what?


#14

Hi @Reporter,

The Yubikey documentation is pretty incomplete/problematic, but I'd be happy to share the list of steps I did with my students to get their private keys onto their Yubikeys if you'd like. The other nice thing about Yubikey is that you can use it as a second factor (if you're not already) for Google Apps and a bunch of other services, so that you can access these accounts from someone else's machine even if you don't have cell service/data &c. The Yubikey is also pretty phishing resistant (I get fake "Reset your password" texts from "Facebook" all the time).


#15

Well, thanks that's very generous of you. I would definitely need such a tutorial, because I struggled with the one tutorial another user in this forum suggested earlier..


#16

There are surely less labor-intensive walkthroughs to getting your Yubikey set up, which you should probably find and use, but as far as "going the full nine yards" and generating your keys on an "airgapped" machine, this guide by my coworker is as straightforward as this process can be considering it's still GPG: https://gist.github.com/ageis/5b095b50b9ae6b0aa9bf.


#17

No problem! Here are the steps I used:

  1. Generate a key, copy down its key ID (or just copy down your key ID)
  2. Insert Yubikey
  3. Open terminal and use: gpg --expert --edit-key your key id here
  4. Use: toggle (enter)
  5. Then: keytocard (enter)
    -> You may get prompted for an "Admin PIN" here (which for some reason it seems to want you to enter twice sometimes). Unless you've changed it, the PIN is 12345678.
  6. Choose (1) (enter)
  7. Type: key 1 (enter)
  8. Then: keytocard (enter)
  9. Choose (2) (enter)

I actually worked this out because I wanted to use an existing key, and the Yubikey docs didn't really show how to do that.

A few other notes/tips:

1. The operating system you're using matters. If you're using it on an older Mac OS you may run into situations where the correct configuration commands (like the above) just don't work. If you can use a newer machine/OS to configure the key, however, it works fine on older operating systems (in my experience).

2. In order to encrypt/decrypt on a machine using the key on your Yubikey, that machine's copy of GPGTools must have your public key in its address book. The first time you want to encrypt/decrypt, plug in your Yubikey and in Terminal enter:

gpg --card-status (enter)

That command basically tells that computer's copy of GPGTools to look for the private key on your card.

The disconcerting thing is that if you run the command:

gpg --list-secret-keys

after you've removed your Yubikey, it will still list your secret key as available (even though it won't actually encrypt/decrypt anything without the key inserted). This also means that there will be some evidence of your key having been used to encrypt/decrypt on that computer (this might be possible to delete, I'm not sure). So you still probably wouldn't want to start encrypting/decrypting on just any old computer.

3. Once you've got your secret key on the Yubikey, you will be prompted for the User PIN rather than your passphrase (at least after the first time - or that's been my experience so far) when you plug it into a machine. The default for this is 123456. This means, of course, that you definitely want to change the User PIN and Admin PIN from the defaults, and keep close track of the Yubikey itself.

Hope this was helpful. And if you have any other questions, let me know. I'm still working through this myself, so happy to hear about issues that others are having.
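
Added example (not part of the original post): the secret keys that still show up in gpg --list-secret-keys after the Yubikey is removed can be told apart in the machine-readable listing, where field 15 of each sec/ssb record carries the card serial number for a key held on a token, "#" for an offline stub, and "+" or nothing for secret material stored on the machine. The function names, key IDs and card serial below are constructed for illustration.

```shell
#!/bin/sh
# Classify secret keys from `gpg --list-secret-keys --with-colons` output.
# Field 15 of sec/ssb records (per GnuPG's colon listing format):
#   card serial number -> secret key lives on a token, only a stub is local
#   "#"                -> offline stub, no secret material on this machine
#   "+" or empty       -> secret key material is stored on this machine
classify_secret_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            kind = ($1 == "sec") ? "primary" : "subkey"
            if ($15 == "#") { where = "stub-only" }
            else if ($15 == "" || $15 == "+") { where = "on-disk" }
            else { where = "on-card:" $15 }
            print kind, $5, where
        }'
}

# Count keys whose secret material is still stored on this machine.
count_on_disk() {
    classify_secret_keys | awk '$3 == "on-disk" { n++ } END { print n + 0 }'
}

# Constructed sample listing: one key pair moved to a card, one still on disk.
# Key IDs, e-mail address and card serial are made up.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1462060800:::u:::scESC:::D2760001240102010006012345670000:::23::0:
uid:u::::1462060800::0000000000000000000000000000000000000000::Reporter <reporter@example.org>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1462060800::::::e:::D2760001240102010006012345670000:::23:
sec:u:2048:1:CCCCCCCCCCCCCCCC:1430438400:::u:::scESC:::+:::23::0:
ssb:u:2048:1:DDDDDDDDDDDDDDDD:1430438400::::::e:::+:::23:
EOF
}

# Demo on the constructed sample. On a real machine use:
#   gpg --list-secret-keys --with-colons | classify_secret_keys
sample_listing | classify_secret_keys
```

A non-zero result from count_on_disk means at least one secret key can still be copied off the laptop itself.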