Subject: Re: wanted: educate us please on key dongles

On Wed, Aug 02, 2017 at 10:16:29PM +0200, Adam Borowski wrote:
> It would be nice if someone knowledgeable could educate the rest of us
> about physical key dongles -- a number of DDs/DMs/contributors still
> keep their secret keys on a regular disk, and could use a primer. Me
> included. I do have a backup key with plenty of sigs that's stored
> securely, but my regular key is on the same physical machine I test
> random software on.
> There's GNUK ("out of stock"), Nitrokey and others -- but how do they
> differ? Actually, at this point it would be easier to skip the
> details and say "if you don't know any better, buy X".
> Thus: can I has "key dongles for dummies", plz?

The need for such a document has been brought up several times, but
it's never actually been created (and indeed a general "what's my best
approach to managing keys"). It's on the todo list, but I think there
are a bunch of software pieces that need to also happen in order to make
it a smooth process that people can actually easily engage in.

Here, at a very high level without instructions of how to do any of it,
is what I think might be a suitable base:

* If you don't want to buy hardware, use an offline master key. Create
a certification only master key using something like PGP Clean Room
on a non-networked host, and store that on a USB key you only ever put
into your machine when running your clean, non-networked,
environment. Create at least 2 subkeys - signing + encryption - and
use those in your day to day work. You then only need the master key
when dealing with signing other keys, or updating your subkeys. In
the event of your subkeys being compromised or lost or whatever you
can just regenerate; because your master key is offline it should
remain secure meaning you don't have to go through the pain of
getting cross signatures again.

(All of this needs a nice easy work flow, including a set of scripts
or something to shuffle keys to sign off your network connected
machine onto a USB stick and then into the clean room to be signed
and then back to the USB stick to be shuffled onto the networked
host to be emailed out and this is why I haven't written the doc
because without tooling it's going to be 100 pages of the most
boring screenshots you've ever read.)

* If you want to buy hardware then one of the self contained USB
tokens that look like a smartcard + reader to the OS is probably
easiest. Part of the problem is that everything I've seen only
supports 3 keys on the device and those are one each of signing,
encryption + authentication. Which means you can't have a master
certification key and a signing subkey on the same device.

If you can manage it, have 2 devices; one with the master and the
other with your day-to-day keys. Otherwise I guess having a master
key that is signing enabled might be the best option? (Opinions,
anyone else?)

* For hardware I'm aware of the following:
* GnuK: My favourite choice. It's slow with RSA4096, but does
support it. The hardware is open. The software is open (you can
compile and flash it using tools available in main). Upstream is
responsive (and a DD). However it's physically not quite as
polished and there are availability issues.
* Nitrokey Start: This is based on the GnuK (note their other
devices are not) and seems like it might be a good alternative
that is more physically robust will still being reasonably Free.
I've not actually had my hands on one however so this is guesswork
- but they do pop up on the GnuK dev list occasionally.
* Yubikey. I'm not sure about this; it's entirely closed these days
I believe. However they're easily available and I understand
they're pretty robust in terms of living on a keyring all the

I appreciate this is not the "key dongles for dummies" asked for, but
hopefully it's more helpful than continued silence. I personally would
like us to get to the point where the "offline master" is our base line
for how contributors to Debian manage their key - it provides a useful
measure of extra security without the extra expense that a USB token
involves. That said a USB token is definitely a better option.


Life is a bitch, but some of the | .''`. Debian GNU/Linux Developer
puppies are cute. | : :' : Happy to accept PGP signed
| `. `' or encrypted mail - RSA
| `- key on the keyservers.

Attachment: signature.asc
Description: Digital signature

Programming list archiving by: Enterprise Git Hosting