

OpenPGP Best Practices - doubleg
https://we.riseup.net/riseuplabs+paow/openpgp-best-practices

======
malandrew
So one thing I don't get about PGP keys: If they are such a great solution,
why isn't PGP built into Linux as a core service? I'm not talking about simply
having it available as one of the standard packages. Instead I'm talking about
making it standard in tons of normal interactions. For example, the setup
process for any new machine should require the creation of a PGP key specific
to that machine. By adding this step, every other application or service on the
machine can go ahead and assume the existence of a private/public keypair
specific to that machine. This opens up the opportunity for people to create
applications that use public key exchange with the outside world as a given
and therefore a reasonable default before passwords.

I would love it if the .ssh folder was also protected by default so that I
would know if any application ever accessed it, I would be notified. I know
they are supposed to have permission 600 and normally won't be trusted if they
don't. Because of this, I've always thought it odd that they aren't created
with the correct permissions by default, instead of requiring you to
explicitly change it. I've also always thought it odd the .ssh folder and
files just as the .netrc file are not encrypted secure files by default that
always require a password to access or at least require a password to access
at least once every 5 minutes or so (like is sometimes required when running
another sudo command past a certain threshold).

If one of the Linux distros never takes the lead here, it would be sweet if OS
X were one of the first ones to lead the way on legitimizing public/private
key generation and exchange by making it much easier, but still secure.

~~~
dmix
Good point. A lot of the security could be established on OS install, so the
keys are immediately encrypted, permissions set, etc.

Similar to gnome/OSX's keychain. Allowing integration for app devs via
standardized processes. I like it.

The only issue is PGP's implied "portability", so generating a new key for
each box is not sufficient if I want to open old emails. A (safe) import
process would be necessary.

~~~
XorNot
GPG needs a safe _sync_ process. Especially with its mantra of "use many
different keys", it is a colossal pain to actually try and keep the keys for
different things synced across devices in a sane way (since it uses keychain
files and not standalone files).

------
dobbsbob
Somebody needs to do a best practices for pseudoanon OpenPGP like being
careful not to upload your key to a keyserver in the clear, unmasking
yourself. Not using any identifying info while generating. As an example look
at political or blackhat forums sometime and just examine the public keys
posted: hotmail addresses and traceable user nyms. Also avoiding anybody who
sends you a BCPG bouncy castle key or OpenPGP.js in the version header,
because they are probably using some ridiculously insecure browser encryption
addon.

~~~
jlgaddis
Riseup's "Digital Security for Activists" goes into a bit more detail:

[https://zine.riseup.net/](https://zine.riseup.net/)

------
pankkake
And submit your key to Phuctor:
[http://nosuchlabs.com/](http://nosuchlabs.com/)

~~~
zby
While we are at it - anyone know how to verify a PGP signature with just the
public key and without creating the keyring file? All the libraries I have
seen verify signatures against keyrings - but I want to store the keys in a
database and making a temporary keyring with just one signature to do the
verification sounds like an ugly hack.

Here is my question at stackoverflow:
[http://stackoverflow.com/questions/19683880/pgp-signature-checks-without-keyring-using-just-the-public-key](http://stackoverflow.com/questions/19683880/pgp-signature-checks-without-keyring-using-just-the-public-key)

Just another example of how unnecessary coupling is thwarting new uses.

~~~
jlgaddis
Not exactly what you want, but perhaps something like this might help?

    # Throwaway keyring directory; mktemp -d creates it with mode 0700
    export GNUPGHOME="$(mktemp -d)"
    gpg --verify ...
    rm -rf "$GNUPGHOME"
    unset GNUPGHOME
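
An added example, not part of the thread: one way to apply the throwaway-GNUPGHOME approach above to a detached signature and a single public key file kept outside any keyring. The function name `verify_with_key` and its argument order are assumptions, and GnuPG 2.1 or later is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. verify_with_key is a hypothetical helper.
# Usage: verify_with_key PUBKEY_FILE SIG_FILE DATA_FILE
# Prints the signing key's fingerprint and returns 0 only for a good signature
# made by a key contained in PUBKEY_FILE.
verify_with_key() (
    pubkey=$1 sig=$2 data=$3

    # mktemp -d gives an unpredictable directory with mode 0700, unlike a
    # fixed /tmp path that another local user could create first.
    GNUPGHOME=$(mktemp -d) || exit 2
    export GNUPGHOME    # only inside this subshell; the caller's keyring is untouched
    # Remove the throwaway keyring on every exit path, stopping any helper
    # daemon gpg may have started for this home directory.
    trap 'gpgconf --kill all >/dev/null 2>&1; rm -rf "$GNUPGHOME"' EXIT

    # The keyring now holds only the key(s) from PUBKEY_FILE, so no other
    # key can satisfy the verification.
    gpg --batch --quiet --import -- "$pubkey" 2>/dev/null || exit 2

    # Decide from the machine-readable status lines, not the human-readable text.
    status=$(gpg --batch --status-fd 1 --verify -- "$sig" "$data" 2>/dev/null) || exit 1

    # GOODSIG excludes the EXPSIG / EXPKEYSIG / REVKEYSIG / BADSIG outcomes;
    # the third field of VALIDSIG is the signing key's fingerprint.
    printf '%s\n' "$status" | awk '
        $1 == "[GNUPG:]" && $2 == "GOODSIG"  { good = 1 }
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" { fpr = $3 }
        END { if (good && fpr != "") print fpr; else exit 1 }'
)
```

Compare the printed fingerprint with the one stored alongside the key in the database, since a key file can contain more than one key.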

------
borplk
It's so damn easy to shoot yourself in the foot.

Do this but don't do that oh and make sure about that, and this, and
that....

------
nullc
Is there a way to have your master identity key offline and delegate even
certifications (signing other people's keys) to a subkey?

To be honest, signing other people's keys is one of the _more_ frequent
activities I do with PGP, and I'd rather be able to independently revoke that
key without tossing my identity.

~~~
rmk2
The Debian Wiki might have a similar use case here:
[https://wiki.debian.org/subkeys](https://wiki.debian.org/subkeys)

Have a look if that helps you!

