gnupg


Key migration: rsa4096/0x673A03E4C1DB921F → ed25519/0x2404C9546E145360

Submitted by gwolf on Fri, 11/22/2019 - 20:08

Oh, the joys of life... I see myself forced to do a key migration.

No, no — Don't worry! My key didn't land in any hostile party's hands. And I still kinda-sorta-have access to it.

Let me explain. I was quite a happy user of a Yubikey, kindly given to me in mid-2018. As the recommendation goes, I backed up my master key's secret material to an offline medium, and kept the relevant subkeys in the Yubikey; I love knowing my computer does not have access to the private keys although it can use them — The Yubikey provides just the needed interfaces for them. And here they are:

$ gpg --list-secret-keys 
/home/gwolf/.gnupg/pubring.gpg
------------------------------
sec#  rsa4096/0x673A03E4C1DB921F 2009-07-09 [SC] [expires: 2020-12-19]
      Key fingerprint = AB41 C1C6 8AFD 668C A045  EBF8 673A 03E4 C1DB 921F
uid                   [ultimate] Gunnar Eyal Wolf Iszaevich 
uid                   [ultimate] Gunnar Eyal Wolf Iszaevich 
uid                   [ultimate] Gunnar Eyal Wolf Iszaevich (Instituto de Investigaciones Económicas UNAM) 
ssb>  rsa4096/0x92853D8CF7F6543F 2009-07-09 [E] [expires: 2020-12-19]
ssb>  rsa4096/0x80382A731F474556 2018-07-31 [E] [expires: 2020-12-19]
ssb>  rsa4096/0xA5F64FDEB981CD8C 2018-07-31 [S] [expires: 2020-12-19]
ssb>  rsa4096/0x49DD2A4E4979619C 2018-07-31 [S] [expires: 2020-12-19]
$ gpg --card-status 
(...)
Signature key ....: FA42 3AA0 6D8F E9ED 5D6C  5E42 A5F6 4FDE B981 CD8C
      created ....: 2018-07-31 03:29:09
Encryption key....: 0DE6 49DF 2778 E904 94B6  7952 9285 3D8C F7F6 543F
      created ....: 2009-07-09 23:20:40
Authentication key: 7C79 5E53 9968 8DDF 66F7  D620 49DD 2A4E 4979 619C
      created ....: 2018-07-31 03:31:16
General key info..: sub  rsa4096/0xA5F64FDEB981CD8C 2018-07-31 Gunnar Eyal Wolf Iszaevich 
sec#  rsa4096/0x673A03E4C1DB921F  created: 2009-07-09  expires: 2020-12-19
ssb>  rsa4096/0x92853D8CF7F6543F  created: 2009-07-09  expires: 2020-12-19
                                  card-no: 0006 05009847
ssb>  rsa4096/0x80382A731F474556  created: 2018-07-31  expires: 2020-12-19
                                  card-no: 0006 05009847
ssb>  rsa4096/0xA5F64FDEB981CD8C  created: 2018-07-31  expires: 2020-12-19
                                  card-no: 0006 05009847
ssb>  rsa4096/0x49DD2A4E4979619C  created: 2018-07-31  expires: 2020-12-19
                                  card-no: 0006 05009847

Until... One sad day, I discovered I could not decrypt documents sent to me anymore. While signing and encrypting do work:

$ date | gpg --encrypt --recipient 0x673A03E4C1DB921F --armor
-----BEGIN PGP MESSAGE-----
(...)
-----END PGP MESSAGE-----
$ date | gpg --clearsign 
gpg: using "C1DB921F" as default secret key for signing
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Fri 22 Nov 2019 06:31:42 PM CST
-----BEGIN PGP SIGNATURE-----
(...)
-----END PGP SIGNATURE-----

trying to decrypt the message does not get me very far:

$ date | gpg --encrypt --recipient 0x673A03E4C1DB921F --armor | gpg --decrypt
gpg: encrypted with 4096-bit RSA key, ID 0x80382A731F474556, created 2018-07-31
      "Gunnar Eyal Wolf Iszaevich "
gpg: public key decryption failed: Hardware problem
gpg: decryption failed: No secret key

And although the message is quite clear (public key decryption failed: Hardware problem), I spent far too many attempts at putting things upside down, trying and trying and trying to fix the issue. But no: Hardware problem means hardware problem. My Yubikey is somehow dead.

But it seems that... Even if I was able to bring it back from the dead, I would be doomed anyway: The USB key where I kept the backup for the master key material refuses to be read. Of course, I also gave it several attempts... All failed ☹ And, of course, I had it on just a single medium ☹ So even getting the Yubikey decryption back to life would only allow me to use my key until 2020-12-19.

So... What's left for me to do? I just generated a shiny new elliptic-curve key, and will as soon as possible migrate my Debian credentials to use it. Please note, I am not able to sign my new key with the old one, as only the master key has Certification ability. So, the next best thing is a migration statement. I am inlining it here for convenience; if you want to check it, you can either:

$ wget https://gwolf.org/files/transition_statement.asc -O - | gpg --verify

Or just run gpg --verify and paste as its input the following text:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I am Gunnar Wolf, and I am transitioning away from my
rsa4096/0x673A03E4C1DB921F key, to ed25519/0x2404C9546E145360. The
reason for this transition is two simultaneous cases(!) of broken
hardware.

My old key is still usable until its expiry date, but I am unable to
use it for decryption; please use only my new key.

If you have signed my old key, please consider signing the new one;
this file is signed with both keys as a proof I do have control over
them. Please note my old key is unable to certify the new one, so it
is not yet signed.

 -={ Old key, which I am transitioning _away_ from }=-

pub   rsa4096/0x673A03E4C1DB921F 2009-07-09 [SC] [expires: 2020-12-19]
      Key fingerprint = AB41 C1C6 8AFD 668C A045  EBF8 673A 03E4 C1DB 921F
uid                   [ultimate] Gunnar Eyal Wolf Iszaevich 
uid                   [ultimate] Gunnar Eyal Wolf Iszaevich 
uid                   [ultimate] Gunnar Eyal Wolf Iszaevich (Instituto de Investigaciones Económicas UNAM) 

 -={ New key, which I am transitioning to }=-

pub   ed25519/0x2404C9546E145360 2019-11-22 [SC] [expires: 2022-11-21]
      Key fingerprint = 4D14 0506 53A4 02D7 3687  049D 2404 C954 6E14 5360
uid                   [ unknown] Gunnar Wolf 
uid                   [ unknown] Gunnar Eyal Wolf Iszaevich 
uid                   [ unknown] Gunnar Wolf 

The new key has been uploaded to pool.sks-keyservers.net. If you
decide to sign my new key, I'd prefer if you mail it to me via
(i.e. using caff).

Thank you very much,

      - Gunnar
-----BEGIN PGP SIGNATURE-----
(...)
-----END PGP SIGNATURE-----
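
What `gpg --verify` has to report before the statement proves control of both keys, as an added example that is not part of the original post: it reads GnuPG's `--status-fd` output and accepts only when valid signatures trace back to both primary fingerprints printed above. The status samples and their timestamps are constructed, and the function names are this example's own.

```python
import subprocess

# Primary-key fingerprints as printed in the post, spaces removed.
# OLD_FPR should match the key you already hold in your keyring; do not
# take it on the statement's word alone.
OLD_FPR = "AB41C1C68AFD668CA045EBF8673A03E4C1DB921F"
NEW_FPR = "4D14050653A402D73687049D2404C9546E145360"

def gpg_status(path):
    """Run gpg --verify on a file and return its machine-readable status lines."""
    proc = subprocess.run(["gpg", "--status-fd", "1", "--verify", path],
                          capture_output=True, text=True)
    return proc.stdout

def signer_primaries(status_text):
    """Return (set of primary fingerprints with a valid signature, any_failed)."""
    valid, failed = set(), False
    for line in status_text.splitlines():
        tok = line.split()
        if len(tok) < 2 or tok[0] != "[GNUPG:]":
            continue
        if tok[1] == "VALIDSIG" and len(tok) >= 3:
            # First argument is the signing (sub)key fingerprint; the tenth,
            # when gpg reports it, is the primary key it belongs to.
            valid.add((tok[11] if len(tok) >= 12 else tok[2]).upper())
        elif tok[1] in ("BADSIG", "ERRSIG"):
            failed = True
    return valid, failed

def transition_ok(status_text, old=OLD_FPR, new=NEW_FPR):
    """True only if no signature failed and both primaries signed."""
    valid, failed = signer_primaries(status_text)
    return not failed and {old, new} <= valid

# Constructed status output: the old key signs through its [S] subkey,
# the new key signs directly. Timestamps are invented.
SAMPLE_BOTH = """\
[GNUPG:] NEWSIG
[GNUPG:] VALIDSIG FA423AA06D8FE9ED5D6C5E42A5F64FDEB981CD8C 2019-11-22 1574452800 0 4 0 1 8 01 AB41C1C68AFD668CA045EBF8673A03E4C1DB921F
[GNUPG:] NEWSIG
[GNUPG:] VALIDSIG 4D14050653A402D73687049D2404C9546E145360 2019-11-22 1574452860 0 4 0 22 8 01 4D14050653A402D73687049D2404C9546E145360
"""
# A statement signed by the new key alone proves nothing about the old one.
SAMPLE_NEW_ONLY = "\n".join(SAMPLE_BOTH.splitlines()[2:])

if __name__ == "__main__":
    print(transition_ok(SAMPLE_BOTH), transition_ok(SAMPLE_NEW_ONLY))
```

To check a downloaded copy, pass `gpg_status("transition_statement.asc")` to `transition_ok`; both public keys must already be in the local keyring.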

I will be soon meeting with two DDs, so in any case, this key will be in shape to enter our keyring. Thank you very much for following so far!

(...And yes — This time I made two separate offline media backups for my master key material :-Þ)

DebConf19 Key Signing Party: Your personalized map is ready!

Submitted by gwolf on Sat, 07/20/2019 - 13:13

When facing a large key signing party in a group, even a group you are already well socially connected in, you often lose track of whom you have cross-signed with already, who is farther away from you (in the interest of better weaving the Web of Trust)...

So, having Samuel announce the DebConf19 KSP fingerprints list, I hacked a bit to improve the scripts I used in previous years, and... Behold!

The DC19 KSP personalized maps!

This time it's even color-coded! People you have not cross-signed with are in light grey. People whose keys have been signed by you are presented with blue text. People that have signed your key are presented with green background. Of course, people you have cross-signed with have blue text and green background :-]

The graph is up to date as of early today, pulling the data from keys.gnupg.net. Sorry for the huge size, but it's the only way I found it to be useful to see both the big picture and the detailed information. Of course — You can zoom in and out at will!


Ongoing crypto handling discussions

Submitted by gwolf on Thu, 08/28/2014 - 10:04

I love to see there are a lot of crypto discussions going on at DebConf. Maybe I'm skewed by my role as keyring-maint, but I have been involved in more than one discussion every day on what signatures do/should mean, on best key handling practices, on some ideas to make key maintenance better, on how the OpenPGPv4 format lays out a key and its components on disk, all that. I enjoy that some of those discussions pose questions that leave me thinking, as I am quite far from having all the answers.

Discussions should be had face to face, but some start online and deserve to be answered online (and also pose an opportunity to become documentation). Simon Josefsson blogs about "The case for short OpenPGP key validity periods". This will be an important issue to tackle, as we will soon require keys in the Debian keyring to have a set expiration date (surprise surprise!) and I agree with Simon, setting an expiration date far in the future means very little.

There is a caveat with using, as he suggests, very short expiry periods: We have a human factor sitting in the middle. Keyring updates in Debian are done approximately once a month, and I do not see the period shortening. That means, only once a month we (currently Jonathan McDowell and myself, and we expect to add Daniel Kahn Gillmor soon) take the full changeset and compile a new keyring that replaces the active one in Debian.

This means that if you have, as Simon suggests, a 100-day validity key, you have to remember to update it at least every 70 days, or you might be locked out during the days it takes us to process it.

I set my expiration period to two years, although I might shorten it to only one. I expect to add checks+notifications before we enable this requirement project-wide (so that Debian servers will mail you when your key is close to expiry); I think that mail can be sent at approximately [expiry date - 90 days] to give both you and us time to act. Probably the optimal expiration periods under such conditions would be between 180 and 365 days.
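
One way to run the expiry check described above, as an added example that is not Debian's keyring tooling: it parses `gpg --with-colons --list-keys` output and flags primary keys that have no expiration date, have already expired, or fall inside the 90-day notification window. The listing is constructed from the key IDs and dates shown on this page plus an all-zero placeholder key; the function names and status labels are this example's own.

```python
from datetime import datetime, timedelta, timezone

NOTIFY_BEFORE = timedelta(days=90)  # the post's "[expiry date - 90 days]"

def _status(expiry_field, now, notify_before):
    if not expiry_field:
        return "no-expiry"  # would not meet a mandatory-expiry rule
    # Assumes gpg printed the date as seconds since the epoch.
    expires = datetime.fromtimestamp(int(expiry_field), tz=timezone.utc)
    if expires <= now:
        return "expired"
    return "notify" if expires - now <= notify_before else "ok"

def classify_keys(colon_text, now, notify_before=NOTIFY_BEFORE):
    """Map primary-key fingerprint to 'ok', 'notify', 'expired' or 'no-expiry'."""
    result, pending = {}, None
    for line in colon_text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            pending = f[6] if len(f) > 6 else ""  # field 7: expiration date
        elif f[0] == "fpr" and pending is not None and len(f) > 9:
            result[f[9]] = _status(pending, now, notify_before)  # field 10
            pending = None  # later fpr records belong to subkeys
    return result

# Constructed --with-colons listing: the old key (expires 2020-12-19), the
# new key (expires 2022-11-21) and a placeholder key with no expiry set.
SAMPLE = """\
pub:u:4096:1:673A03E4C1DB921F:1247097600:1608336000::u:::scESC:
fpr:::::::::AB41C1C68AFD668CA045EBF8673A03E4C1DB921F:
sub:u:4096:1:A5F64FDEB981CD8C:1532995200:1608336000:::::s:
fpr:::::::::FA423AA06D8FE9ED5D6C5E42A5F64FDEB981CD8C:
pub:-:255:22:2404C9546E145360:1574380800:1668988800::-:::scESC:
fpr:::::::::4D14050653A402D73687049D2404C9546E145360:
pub:-:4096:1:0000000000000000:1400000000:::-:::scESC:
fpr:::::::::0000000000000000000000000000000000000000:
"""

if __name__ == "__main__":
    now = datetime(2020, 10, 1, tzinfo=timezone.utc)
    for fpr, status in classify_keys(SAMPLE, now).items():
        print(fpr, status)
```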

But, yes, this is by far not yet a ruling, but a point in the discussion. We still have some days of DebConf, and I'll enjoy revising this point. And Simon, even if we correct some bits for these details, I'd like to have your permission to use this fine blog post as part of our documentation!

(And on completely unrelated news: Congratulations to our dear and very much missed friend Bubulle for completely losing his sanity and running for 28 hours and a half straight! He briefly describes this adventure when it was about to start, and we all want him to tell us how it was. Mr. Running French Guy, you are amazing!)
