[Durham] GPG with multiple devices

[mark]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Olly

On 20/08/14 22:26, Oliver Burnett-Hall wrote:
> From my reading, subkeys appear to be one possible solution to
> this. If I understand this right, here's what I think I need to
> do:
> 
> 1. Create a new master key, selecting the sign-only option. 2. Do
> stuff like add additional identities, tweak encryption settings, 
> and so on. 3. Create a single encrypt-only subkey. 4. Create
> multiple sign-only subkeys, on for each device. 5. Generate a
> revocation certificate for the master key. 6. Send a copy of the
> master public key to a keyserver.

So far so good, I think

> 7. Somehow (I'm not exactly sure how this step is done) export/copy
> to each device the single encryption subkey and the signing subkey
> for that device.

On the machine you've generated your subkeys on, find the ID of your
secret subkey:

> gpg --list-secret-keys

Then, export the subkey you want to move to (say) your phone as an
ascii-armoured file, using

> gpg --export-secret-subkeys YOURSUBKEYID!

Then, move the resulting file to the phone out-of-band, eg. by
mounting the storage directly to your workstation and writing it
accross. Do not, for obvious reasons, use anything like dropbox to
move it between devices

Then on your phone, import it:

> gpg --allow-secret-key-import --import subkey.asc

> 8. Move the master key to a USB drive and put in a room guarded by
> a three-headed dog.

Also, I'd suggest copying all the revocation certificates to all the
devices, so if one device gets compromised, you can revoke it from the
others.

If you want to be really hardcore, you could also store your
revocation certs in other places, e.g. by steganography

> Once this has been done, it would be possible to start building a
> web of trust by having people sign my master key, and using my
> master key to sign theirs.
> 
> If I were to lose my laptop I would have to revoke my encryption
> subkey and the device-specific signing subkey. I could then
> generate a new encryption subkey and copy it to all my devices. The
> advantage of this is that my master key would be unaffected.
> However, and what I'm not sure about, is how other people would
> know about the revocation. Is there any automatic checking for
> revoked certificates done by GPG/PGP? Or would I be relying on
> people manually re-fetching my certificates from keyservers?

Yes, people need to keep their public keyring synced in order to pick
up your revocation.

> Has anyone done something like this? Does it make any sense at
> all?

What do you think about setting up a cryptoparty? We could go through
this stuff together and sign each others keys if we set aside a few
hours. Maybe somewhere a bit quiter than the rowing club, with a
projector? Can anyone borrow a room like that at the Uni for an
afternoon or evening?

I'm definitely keen to get everyone encrypting everything - it's our
best weapon against the surveillance state.

Cheers,
Mark

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQIcBAEBCAAGBQJT9m8pAAoJECivkG/nESo7oyoP/jAbnBgaLsAb0nUyOmCEaS7h
CEmTSjcooi1Kckh+RRBd1PPoyRZNzljIE7WClEyliBJHeyrOv0ZIK6JSjw2pIMIz
cTcV5oTqWeMHeNnQO5pxib4kDlMUBlqH/OySCQF3iRe1LEIfL0OiT9a+3on/1Q+Y
uk3t5jd0ucWxeW9lDY06/W7AawoXOC7igusBS+xQVu8CxZODwAXEgPTlL8zLiDrH
WfoVtyna7oxyub4LWQYK+22qmkNmigyeYc/c3UOzw6z0nsfz7JmLDRqJb+++Zazc
Cimi4xq2wA8d+xwKGsflL1r3fbMWKF9PDocpDoz5Kd93a1wdqO14Iuuw2Y2IEwLP
3wHo5ZMBdJN3vn3tkQMH4PdK5YuotUS+B+safof2h/2vdQD7vKN9ObnTuZZzzmqW
cSRqVxmM0eR8FAkD67LmrEy4+Z99FiFu58C/tj2DmtL9T8x79bfFeqCjC0ZNiL9u
50IVKFynCWHZZwE6HuWM+2Rh76ydqtjM0rvvURB82bJeI97DNM74z0O5P2peo55Z
ZModa80VNAMYPA3riHF4e/GeAsm3lkQR3rnGV3hgWWMiiDpmC/y1gCWKawt75VzP
ITN1Ekbjw8F8wNxnD9kMU1z4By0+hwM2QyR9gjCKH+cp2IFRpLvjfzJOL44iIfKt
uC9dlDInzpeZDwLwM1lt
=+q6k
-----END PGP SIGNATURE-----