Using OpenPGP/GnuPG? How do you protect your Private Key?
elijahpaul
Member
in General
I know a few people who store it on their laptops/workstations!
On the other end of the spectrum, I know a guy who split his key up into 3 parts, encrypted each part, printed them to paper (QR Code), and stores them offline in 3 different physical locations!
I'm curious as to what measures you take in storing/securing/protecting your Private Key(s)?
Offline (USB), Online!, Paper?
Comments
In my YubiKey Neo
Create subkeys for general use, and keep the master key on a hardware-encrypted USB stick in my home. I also keep a double-encrypted version in Amazon's S3 (just in case).
As simple as that.
Whole filesystem is encrypted though and I pretty much never take this laptop with me.
@Silvenga This is pretty much what I've done.
@socials Are you not worried about this laptop getting damaged or stolen?
I have myself a nice little Free Software Foundation Europe Smartcard: https://fsfe.org/fellowship/card.en.html which holds my GPG (and a few other) keys, protected with a password of course.
My machines all have either internal or external smart card readers. I have two backup smartcards in two different safes...
@Raymii
That's a very good service. Here in my country tokens are mostly used by corporations, not individuals.
This is very cool (and secure). Will check it out.
We recommend Yubikey Nano-n Premium for $60, you get a smart card token that fits inside of your USB port. Discreet and easy to hide. Smart Card tokens are the only real way to protect your private key from trojans. https://www.yubico.com/products/yubikey-hardware/
Very nice. What external readers do you use?
This one: http://www.hidglobal.com/products/readers/omnikey/3121 - the laptops have an internal one. My Dell keyboard also has one built in.
Has anyone used fingerprints to secure the private key? I've seen more laptops with fingerprint readers than smart card scanners.
Since I use ThinkPads with fingerprint readers, this did cross my mind.
I came across a piece of software that allowed you to use your fingerprint as your private key passphrase, but for the life of me I can't remember the name of it!
EDIT: interesting answer to fingerprint security on security.stackexchange.com
I was thinking we would still use the passphrase. :P
That Yubikey Neo is looking nice right now. It can act as a card reader for the majority of computers that don't have card readers and has the ability to secure my KeePass database.
Fingerprints are bad as passwords since you can't change them and leave them everywhere...
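Added example (not from any poster in this thread): a Python check for the setups described above, where the master key stays offline and only subkeys, a smartcard or a YubiKey are used day to day. It parses `gpg --list-secret-keys --with-colons` output and reads field 15 of the `sec`/`ssb` records as documented in GnuPG's doc/DETAILS; the sample listing, key IDs and card serial are constructed, and the function names are hypothetical.

```python
# Constructed sample of `gpg --list-secret-keys --with-colons` output:
# primary key is a stub (#), one subkey is on disk (+), one is on a card.
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1400000000:::u:::scESC:::#:
uid:u::::1400000000::0000000000000000000000000000000000000000::Example User <user@example.org>:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1400000000::::::s:::+:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1400000000::::::e:::D2760001240102000000000000010000:
"""


def classify(token_field):
    """Map field 15 of a sec/ssb record to where the secret material lives."""
    if token_field == "#":
        return "offline"   # stub only: secret part is not on this machine
    if token_field in ("", "+"):
        return "on-disk"   # secret part is in the local keyring
    return "token"         # anything else is a smartcard/token serial number


def secret_key_locations(colon_output):
    """Return one dict per primary key (sec) and secret subkey (ssb)."""
    keys = []
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb"):
            continue
        f += [""] * (15 - len(f))  # pad short records so f[14] always exists
        keys.append({"type": f[0], "keyid": f[4], "caps": f[11],
                     "location": classify(f[14])})
    return keys


def audit(colon_output):
    """Flag primary keys whose secret material sits in the local keyring."""
    return [
        f"primary key {k['keyid']} is stored on this machine"
        for k in secret_key_locations(colon_output)
        if k["type"] == "sec" and k["location"] == "on-disk"
    ]


if __name__ == "__main__":
    for k in secret_key_locations(SAMPLE):
        print(k["type"], k["keyid"], k["caps"], k["location"])
    print(audit(SAMPLE) or "master key is not on this machine")
```

To check a real keyring, pass the text of `gpg --list-secret-keys --with-colons` to `audit()` instead of `SAMPLE`.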