
Creating the perfect GPG keypair - lelf
https://alexcabal.com/creating-the-perfect-gpg-keypair/
======
Tepix
I can't believe they use an existing domain, shire.org for their example.

I'm one of the owners of a domain name that's people use as dummy address when
they sign up for stuff. I can't stand getting mail like that.

There is a reserved name for examples, it's EXAMPLE.COM.

~~~
StavrosK
Every domain except for example.com is an existing domain.

~~~
Tepix
RFC 6761 has the details:

example.com, example.net and example.org for second level domains and the top
level domain "invalid."

------
beefhash
And the length of this is exactly the reason why Johnny still can't encrypt
and doesn't want to know how.

Getting things right, including disaster recovery, should be done correctly
and silently by default.

~~~
tptacek
I agree. Almost nobody who uses GPG does any of this.

I think people should use GPG without any of the extra options, bells, and
whistles. If they really need advanced usage stuff, they should use something
better than PGP.

~~~
pmoriarty
This makes me wonder why GPG isn't more secure by default. If these are the
"perfect" settings, why aren't they the defaults?

What happened to making the right thing to do the easiest thing to do?

------
pmoriarty
You may want to reconsider sending email that's merely encrypted as it will
single you out as an encryption user and perhaps increase your likelihood of
being found interesting (should you care about such things).

In addition to encryption you may want to use steganography[1] and do so in a
way that will hopefully withstand traffic analysis.[2]

Some other things to consider:

A - Remember that no matter what faith in math you may have, and no matter how
careful you are, your messages may someday be decrypted. So consider carefully
what you write, especially if you place your encrypted messages/data somewhere
public or if they flow through a public network such as the internet.

B - The authentication and undeniability features of public key crypto and the
web of trust, which can be so useful, can also be a two-edged sword, should
the plaintext or sometimes even just the ciphertext[3] fall in to the wrong
hands.

C - Don't forget your passphrases or lose your keys. Or, if you do forget or
lose them, destroy anything encrypted with them or the keys they protect, as
you may be[4][5] kept in jail until you cough them up -- which you can't if
you don't have them or don't remember them.

You might think you're not important enough for any of this to matter. Or you
might think you have nothing to hide (not likely you think that, if you're
bothering to use gpg). Or you might think it can't happen to you. But it's a
bad world out there. No longer are we in the world where gpg use was
considered merely a geeky hobby, used only by a handful of innocent nerds. The
world is a much more paranoid place these days, and you should really think
carefully not just about the security of your keys, but all of the above.

[1] -
[https://en.wikipedia.org/wiki/Steganography](https://en.wikipedia.org/wiki/Steganography)

[2] -
[https://en.wikipedia.org/wiki/Traffic_analysis](https://en.wikipedia.org/wiki/Traffic_analysis)

[3] - due to traffic analysis, or if there's some indication (such as
signatures or headers) of who sent it or to whom

[4] - not necessarily through any fault of yours (see "Three Felonies a Day")

[5] - depending on your legal jurisdiction and how sympathetic the judge is

~~~
grhmc
> kept in jail until you cough them up

My understanding is this is contempt of court in the US, which comes with 6
months in jail at a time, at which point the prosecutors have to proactively
request the renewal of your imprisonment, and usually don't.

------
zz1
The arguments made by Alan Eliasen seem worth considering to me. And his
tutorial is great.

[http://futureboy.us/pgp.html](http://futureboy.us/pgp.html)

------
cronjobber
The site is down for me, so I can't comment on anything but the title: The
definite article immediately suggested a _unique_ perfect keypair to me...
which would be a funny thing.

------
konstruktors
I think it's time we finally move to generating and storing secret keys on
secure elements (Yubikey, NitroKey). This way we only need to worry about the
physical security of the key and nothing else.

No air-gapped machine and a random flash memory stick (for storing the backup
of the private key) can be considered as secure as the secure element.

~~~
tokenizerrr
And then you drop your key and lose it. Or it gets ran over by a car or
something. Now what?

I love my Yubikey, but I generated the keys on it on an air-gapped machine and
wrote them to two DVDs and the Yubikey.

Unless you can get everyone to send you messages to encrypt them to both your
main key and your secondary backup key you will regret not having backed up
your primary key.

~~~
konstruktors
> And then you drop your key and lose it. Or it gets ran over by a car or
> something. Now what?

You can't have both, I think. With a physical key your only concern is the
physical security of the key. One should print out the revocation certificate,
though.

I don't think many people lose their home keys or get them run over by a car.
It's just a matter of making that a priority.

~~~
mschuster91
> I don't think many people lose their home keys or get them run over by a
> car.

All it needs is some idiot emptying his drink over your pants to fry an USB
device. Or a drunk driver crashing into your bike and breaking the device.

Print out your passphrase-protected keyset, put it together with an encrypted
copy of your most common passwords (I know _no one_ uses a dedicated password
for every site!) and your KeePass/Keychain/... database in a bank safe and one
in your home's safe.

Put the password to said DBs in your will (or deposit it at a notary's
office), so that in case you die your relatives will be able to shut down your
online presence, but not if either the bank, your safe or the notary get
busted.

~~~
heinrich5991
Yes, people do use different passwords for each site, and you should, too. :)

~~~
mschuster91
We all have those legacy accounts flying around somewhere ;)

------
Corrado
I really like this walkthrough. GPG/PGP is pretty complex and getting all the
pieces correct is very difficult. In fact, one major reason that I don't use
encryption more is that I'm scared that I'll forget a passphrase, or not
transfer my keys to a new computer, or lose my "master" key.

However, I wonder if something like Keybase.io might be better. Using Keybase
I can do everything outlined in this walkthrough but in a much more user
friendly way. I can even instruct other users on how to send me encrypted
files without too much trouble. Does Keybase replace the need for shuffling
keys around and worrying about losing my keys?

~~~
icebraining
Keybase does offer to store your passphrase-protected private key with them
(but never requires it!), so it does help to alleviate those problems. On the
other hand, you could do the same using any kind of file syncing tool. And you
still have to remember the paraphrase.

More importantly than that, though, since Keybase offers a new way of
authenticating any key you upload (even if it's less secure than meeting
personally and signing each other's keys), losing it is much less problematic,
as you can just generate, upload and authenticate a new one.

------
kijin
Why is the author so concerned about the laptop getting stolen? Even if you
know nothing about GPG, your laptop should be encrypted. Even if you somehow
can't use full-disk encryption, your private key should be protected with an
equally strong passphrase. The thief gets nothing but a useless chunk of
base64-encoded blob.

Now of course this doesn't mean that subkeys are unnecessary, but the author
should probably find a more realistic threat model that readers who are
already privacy-conscious can more easily sympathize with.

------
tshadwell
Some time ago I too resolved to do this properly and with my limited bash-fu
wrote a script to automate the process of installing GPG to a master USB key
you can physically secure which can be used to drop a subkey on a PC. Most of
the stuff you see in GPG tutorials can be done with a short gpg --batch.

Here's the (67 Lines of Code) script:
[http://pastie.org/10631164](http://pastie.org/10631164) It's not really
prepared for public release so forgive some ungainly code.

------
Xeago
I wonder how much of the commands do this, do that, can be put in a batch
file? Seems much easier to comment and distribute that than to follow a blog
post over once every few months to rotate your key. Would anyone know if and
how much can be done in such a way? Is the bath-mode only capable of
instructing the generation of a single key? Must we resort to other
programmatic invocations of gpg?

------
yason
My GPG keys are protected by a passphrase and that has, so far, deemed enough
subjective security in order to allow me to rather liberally store copies of
the keys as backups on computers and servers I use. It may depend on your
personal security requirements whether that is not enough.

------
totony
Isn't this article just a reformulation of the Debian Wiki?

------
venomsnake
I can see a subtle problem with that scheme - the attacker will be able to
read also all of your future communication.

~~~
tokenizerrr
That would only happen if you do not know your key has been leaked. If you
know the "laptop key", as this article calls it, has been leaked you revoke it
immediately and do not use it anymore. It being revoked should mean that other
people (whose clients download the revocation list) will not be signing new
communications with your compromised key anymore.

