
Slightly OT - mobile OpenPGP usage
Hi all,

I am curious what apps you are using when not at home, to send
OpenPGP compatible email messages? Do you carry a Notebook with
GnuPG or do you use an OpenPGP smartphone app?

Because I do not have a smartphone and I do not want to carry
a Notebook with me, I came up with the following solution for me.

During some tests I found Mailvelope, an OpenPGP extension for
Firefox and Chrome, and installed it on my Kanguru Defender 3000
USB stick. Besides the new Mailvelope keyserver I also added Hagrid.
Key management is quite comfortable and message sending is also
very easy. A lot of free mail providers support Mailvelope.

This set-up allows me to use OpenPGP not only in an Internet Café etc.
but also at work where I can't install a MUA like Thunderbird or even
install GnuPG.

https://www.mailvelope.com/en

https://keys.mailvelope.com/

P.S. my posting should not be seen as an advertisement for Mailvelope
but this is currently a mobile solution I have found for me and maybe
it could be useful for others as well. I am all ears what other mobile
solutions are available and which one you use.

Regards
Stefan

--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Slightly OT - mobile OpenPGP usage
On 25/08/2019 19:40, Stefan Claas via Gnupg-users wrote:
> Hi all,
>
> I am curious what apps you are using when not at home, to send
> OpenPGP compatible email messages? Do you carry a Notebook with
> GnuPG or do you use an OpenPGP smartphone app?
In short, I know only one combination that provides a reasonable
user experience on mobile.

Android + K-9 Mail + OpenKeychain + YubiKey with NFC.

Cheers,
Chris Narkiewicz
Re: Slightly OT - mobile OpenPGP usage
On 2019-08-25 21:22, Chris Narkiewicz via Gnupg-users wrote:
> On 25/08/2019 19:40, Stefan Claas via Gnupg-users wrote:
>> Hi all,
>>
>> I am curious what apps you are using when not at home, to send
>> OpenPGP compatible email messages? Do you carry a Notebook with
>> GnuPG or do you use an OpenPGP smartphone app?
> In short, I know only one combination that provides a reasonable
> user experience on mobile.
>
> Android + K-9 Mail + OpenKeychain + YubiKey with NFC.

Thanks for the info, much appreciated.

Regards
Stefan

--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas

Re: Slightly OT - mobile OpenPGP usage
Hi Chris,

On 25.08.19 21:22, Chris Narkiewicz via Gnupg-users wrote:
> In short, I know only one combination that provides a reasonable
> user experience on mobile.
>
> Android + K-9 Mail + OpenKeychain + YubiKey with NFC.

Do you know a good guide for setting this up?

Best wishes
Michael
Re: Slightly OT - mobile OpenPGP usage
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Tangentially related - I've seen docs recommending having your
portable keychain have a subkey for signing, and that keychain to lack
the master secret key entirely ( and putting that one in an
undisclosed secure location), with a different passphrase, etc.

What are gnupg-users thoughts on that sort of setup?
-----BEGIN PGP SIGNATURE-----
Version: Mailvelope v4.1.0
Comment: https://www.mailvelope.com
-----END PGP SIGNATURE-----


On Mon, Aug 26, 2019 at 5:25 AM Michael Kesper <mkesper@schokokeks.org>
wrote:

> Hi Chris,
>
> On 25.08.19 21:22, Chris Narkiewicz via Gnupg-users wrote:
> > In short, I know only one combination that provides a reasonable
> > user experience on mobile.
> >
> > Android + K-9 Mail + OpenKeychain + YubiKey with NFC.
>
> Do you know a good guide for setting this up?
>
> Best wishes
> Michael
>
Re: Slightly OT - mobile OpenPGP usage
> On 26 Aug 2019, at 18:17, Daniel Clery <dan@savevsgeek.com> wrote:
>
> Tangentially related - I've seen docs recommending having your portable keychain have a subkey for signing, and that keychain to lack the master secret key entirely ( and putting that one in an undisclosed secure location), with a different passphrase, etc. What are gnupg-users thoughts on that sort of setup?

It’s a nice idea in principle, but it’s a technical violation (sorry, nonstandard extension) of the standard to allow bare private subkeys, so many mobile clients (e.g. ipgmail) don’t support it. I used to do this on my laptops with gnupg (which does support it) but have since migrated to smartcards.

With the advent of NFC and Lightning hardware tokens, it will make more sense to use them for all devices, removing the need for nonstandard extensions entirely. There is a non-negligible cost for the hardware, but it is *much* more convenient and secure to plug a card or dongle into a new device than it is to transfer subkey bundles (which are still sensitive data, even without the primary key).

A
Re: Slightly OT - mobile OpenPGP usage
On 26.08.2019 19:37, Andrew Gallagher wrote:
>> Tangentially related - I've seen docs recommending having your portable keychain have a subkey for signing, and that keychain to lack the master secret key entirely ( and putting that one in an undisclosed secure location), with a different passphrase, etc. What are gnupg-users thoughts on that sort of setup?
> With the advent of NFC and lightning hardware tokens, it will make more sense to use them for all devices, removing the need for nonstandard extensions entirely. There is a non-negligible cost for the hardware, but it is *much* more convenient and secure to plug a card or dongle into a new device than it is to transfer subkey bundles (which are still sensitive data, even without the primary key).

I agree. I'm using this kind of setup (offline master key and hardware
tokens for subkeys) and it works very well. If one sets the URL field on the
token then just plugging in the token while OpenKeychain is open is enough
to get the key ready to use.

Having multiple subkeys for multiple devices can be problematic in
practice (e.g. GnuPG does not encrypt to all encryption subkeys or
Autocrypt clients only export one signing subkey etc.)

W.r.t. NFC there is this minor detail:
https://lists.gnupg.org/pipermail/gnupg-users/2018-December/061375.html

But from the UX point of view it's very convenient.

Kind regards,
Wiktor

Re: Slightly OT - mobile OpenPGP usage
Wiktor Kwapisiewicz via Gnupg-users wrote:


> W.r.t. NFC there is this minor detail:
> https://lists.gnupg.org/pipermail/gnupg-users/2018-December/061375.html

Interesting.

Well, for important and very short messages one could additionally use
the modern ElsieFour hand cipher, by Prof. Kaminsky, in combination
with mobile devices. :-)

https://eprint.iacr.org/2017/339.pdf

Regards
Stefan

--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas


Re: Slightly OT - mobile OpenPGP usage
On 26/08/2019 19:47, Wiktor Kwapisiewicz via Gnupg-users wrote:
> If one sets the URL field on the
> token then just plugging in the token while OpenKeychain is open is enough
> to get the key ready to use.

Can you explain what kind of workflow do you mean here?
Re: Slightly OT - mobile OpenPGP usage
Stefan Claas via Gnupg-users wrote:

> During some tests I found Mailvelope, an OpenPGP extension for
> Firefox and Chrome, and installed it on my Kanguru Defender 3000
> USB stick. Besides the new Mailvelope keyserver I also added Hagrid.
> Key management is quite comfortable and message sending is also
> very easy. A lot of free mail providers support Mailvelope.
>
> This set-up allows me to use OpenPGP not only in an Internet Café etc.
> but also at work where I can't install a MUA like Thunderbird or even
> install GnuPG.

I also have a question for the experts regarding keyloggers in public places.

Would you consider both of these methods secure enough for entering passphrases in
Mailvelope, as outlined in article [1], while using Oxynger KeyShield [2]?

[1]
<http://www.missionarygeek.com/2014/02/keyloggers-safely-entering-passwords-using-a-public-computer/>

[2]
<https://www.raymond.cc/blog/how-to-beat-keyloggers-to-protect-your-identity/>

Regards
Stefan

--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas


Re: Slightly OT - mobile OpenPGP usage
On 27/08/2019 17:01, Stefan Claas via Gnupg-users wrote:
> Would you consider both of these methods secure enough for entering passphrases in
> Mailvelope, as outlined in article [1], while using Oxynger KeyShield [2]?

If you think there's a keylogger on your machine, then don't type in a
password at all, ever. And if there's a keylogger then there's just as
likely to be a screen scraper, or all sorts of other nasty things.

--
Andrew Gallagher
Re: Slightly OT - mobile OpenPGP usage
Hi Chris,

On 27.08.2019 17:52, Chris Narkiewicz via Gnupg-users wrote:
> On 26/08/2019 19:47, Wiktor Kwapisiewicz via Gnupg-users wrote:
>> If one sets URL field on the
>> token then just plugging the token when OpenKeychain is opened is enough
>> to get the key ready-to-use.
>
> Can you explain what kind of workflow do you mean here?

I mean you start OpenKeychain, touch the NFC token and get the import
key screen (see attachment). This is very straightforward, no need to
mess with passwords and secret key files.

OpenPGP software requires public keys but tokens don't store them, so one's
own public key needs to be transmitted somehow. Fortunately the OpenPGP Card
spec has a "URL of public key" field.

You can see/set the value this way:

$ gpg --card-edit

Reader ...........: ...
Application ID ...: ...
Version ..........: 2.1
Manufacturer .....: Yubico
...
URL of public key : https://metacode.biz/@wiktor/openpgp/key
Login data .......: wiktor

This is in turn used by OpenKeychain (but also by gpg --card-edit and
"fetch" subcommand) to download public parts.

Kind regards,
Wiktor
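A caveat worth adding to the workflow Wiktor describes: the URL on the card is only a pointer. Anyone who knows the admin PIN can rewrite it, and whatever a client downloads from it is just a file on a web server. What the card does store is the fingerprints of the signing, encryption and authentication keys it holds, so a client that fetches the public key from the URL should check that the fetched key actually carries those fingerprints before trusting it. The script below is an added example, not part of the thread and not GnuPG's or OpenKeychain's own code. It parses the colon-separated formats of `gpg --card-status --with-colons` and `gpg --with-colons --list-keys`; both samples are constructed (only the URL is taken from Wiktor's message, the serial number and the fingerprints are made up), and it assumes, as gpg does elsewhere in colon output, that a ':' inside a value is quoted as `\x3a`.

```shell
#!/bin/sh
# Added example, not from the thread or from GnuPG: cross-check a public key
# fetched from the card's "URL of public key" field against the fingerprints
# the card itself stores. Assumes the colon-separated output formats of
# `gpg --card-status --with-colons` and `gpg --with-colons --list-keys`.
set -eu

# Constructed sample of `gpg --card-status --with-colons`. Only the URL comes
# from the thread; the serial number and the 40-hex fingerprints are made up.
# The fpr record holds three fingerprints: signature, encryption, authentication.
CARD_STATUS='reader:Yubico YubiKey OTP+FIDO+CCID 00 00:
version:0201:
vendor:0006:Yubico:
serial:00000001:
url:https\x3a//metacode.biz/@wiktor/openpgp/key:
login:wiktor:
fpr:1111111111111111111111111111111111111111:2222222222222222222222222222222222222222:3333333333333333333333333333333333333333:'

# Constructed sample of the fetched key as `gpg --with-colons --list-keys`
# shows it: one primary key plus the three subkeys whose fingerprints are on
# the card (field 10 of each fpr record is the fingerprint).
KEY_LISTING='pub:u:255:22:0000000000000000:1566700000::u:::scESC::::::23::0:
fpr:::::::::0000000000000000000000000000000000000000:
uid:u::::1566700000::DEADBEEF::Wiktor <wiktor@example.org>::::::::::0:
sub:u:255:22:1111111111111111:1566700000::::::s::::::23:
fpr:::::::::1111111111111111111111111111111111111111:
sub:u:255:18:2222222222222222:1566700000::::::e::::::23:
fpr:::::::::2222222222222222222222222222222222222222:
sub:u:255:22:3333333333333333:1566700000::::::a::::::23:
fpr:::::::::3333333333333333333333333333333333333333:'

# A key someone could have placed behind a rewritten URL: same user ID,
# different key material.
WRONG_LISTING='pub:u:255:22:9999999999999999:1566700000::u:::scESC::::::23::0:
fpr:::::::::9999999999999999999999999999999999999999:
uid:u::::1566700000::DEADBEEF::Wiktor <wiktor@example.org>::::::::::0:
sub:u:255:22:8888888888888888:1566700000::::::s::::::23:
fpr:::::::::8888888888888888888888888888888888888888:'

# card_url STATUS: the URL field. Take everything between "url:" and the
# closing ':' so it works whether or not the colons were quoted, then undo
# gpg's \x3a quoting.
card_url() {
  printf '%s\n' "$1" | sed -n 's/^url:\(.*\):$/\1/p' | sed 's/\\x3a/:/g'
}

# url_is_https URL: refuse to fetch over plain http or any other scheme.
url_is_https() {
  case "$1" in https://*) return 0 ;; *) return 1 ;; esac
}

# card_fprs STATUS: the non-empty fingerprints from the card's fpr record.
card_fprs() {
  printf '%s\n' "$1" | awk -F: '$1=="fpr"{for(i=2;i<=4;i++) if($i!="") print $i}'
}

# key_fprs LISTING: primary and subkey fingerprints of the fetched key.
key_fprs() {
  printf '%s\n' "$1" | awk -F: '$1=="fpr"{print $10}'
}

# fetched_key_matches_card STATUS LISTING: succeed only if every fingerprint
# stored on the card belongs to the fetched key. A key at the URL that lacks
# one of them is not the key this card holds, whatever its user ID says.
fetched_key_matches_card() {
  for f in $(card_fprs "$1"); do
    key_fprs "$2" | grep -qix "$f" || return 1
  done
  return 0
}

url=$(card_url "$CARD_STATUS")
url_is_https "$url" && echo "would fetch from: $url"
fetched_key_matches_card "$CARD_STATUS" "$KEY_LISTING" && echo "fetched key matches card: ok"
fetched_key_matches_card "$CARD_STATUS" "$WRONG_LISTING" || echo "substituted key rejected: ok"
```

The check deliberately compares fingerprints rather than the user ID or key ID: both of those are trivially reproducible by whoever controls the web server, the fingerprints are not.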
Re: Slightly OT - mobile OpenPGP usage
Andrew Gallagher wrote:

> On 27/08/2019 17:01, Stefan Claas via Gnupg-users wrote:
> > Would you consider both of these methods secure enough for entering
> > passphrases in Mailvelope, as outlined in article [1], while using Oxynger
> > KeyShield [2]?
>
> If you think there's a keylogger on your machine, then don't type in a
> password at all, ever. And if there's a keylogger then there's just as
> likely to be a screen scraper, or all sorts of other nasty things.

But what would then be the best strategy for using OpenPGP when using
computers at work or in public places, without carrying a Notebook or
smartphone? There should be a good solution available IMHO. :-)

At least Firefox portable exists for Windows users and I believe
portable apps were invented for USB stick usage, right?

Regards
Stefan

--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas


Re: Slightly OT - mobile OpenPGP usage
On 27/08/2019 21:50, Stefan Claas via Gnupg-users wrote:
> But what would then be the best strategy for using OpenPGP when using
> computers at work or in public places, without carrying a Notebook or
> smartphone?

If a computer is compromised, this is game over for cryptography. Full
stop.

> There should be a good solution available IMHO. :-)

BYOD :-)

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
Re: Slightly OT - mobile OpenPGP usage
On 27/08/2019 22:41, Peter Lebbing wrote:
> If a computer is compromised, this is game over for cryptography. Full
> stop.

This is not true. Many crypto systems are designed to perform damage
control and recovery in such cases.

Whether the compromise is game over for the user depends on the threat profile.

Cheers,
Chris Narkiewicz

Re: Slightly OT - mobile OpenPGP usage
On 27/08/2019 20:50, Stefan Claas via Gnupg-users wrote:
> But what would then be the best strategy for using OpenPGP when using
> computers at work or in public places, without carrying a Notebook or
> smartphone?
The strategy I advise would be to not use GnuPG and look for alternatives.

I wouldn't look for some golden practice because I believe there
is none. Bluntly speaking, GnuPG is not fit for purpose of
securing everyday communication and shall not be advertised
as such.

Generally your keys should never leave a secure environment. A secure
environment can be either a dedicated machine that you control
or (better) a SmartCard/HSM.

If your keys cannot be contained in secure environment, your comms
channel should be re-keyed after use. Modern communicators perform
re-keying after every message. GnuPG makes re-keying very cumbersome.

> There should be a good solution available IMHO. :-)

Sadly, GnuPG never delivered a friendly user experience.
It found its niche in some specialized use-cases, such as
infrastructure - package signing, backup encryption, commands
by e-mail, etc - but it never gained significant adoption among
the wider population.

If you expected more - I'm sorry that you will be disappointed.

Cheers,
Chris Narkiewicz

Re: Slightly OT - mobile OpenPGP usage
On 2019-08-28 00:44, Chris Narkiewicz via Gnupg-users wrote:
> On 27/08/2019 20:50, Stefan Claas via Gnupg-users wrote:
>> But what would then be the best strategy for using OpenPGP when using
>> computers at work or in public places, without carrying a Notebook or
>> smartphone?
> The strategy I advice would be to not use GnuPG and look for alternatives.

Well, not GnuPG, but I thought more about other OpenPGP apps, because
the OpenPGP protocol, besides S/MIME, is still widely used.

> I wouldn't look for some golden practice because I believe there
> is none. Bluntly speaking, GnuPG is not fit for purpose of
> securing everyday communication and shall not be advertised
> as such.
>
> Generally your keys should never leave secure environment. Secure
> environment can be either dedicated machine that you control
> or (better) SmartCard/HSM.

Here is an idea ... I recently read about Prof. Kaminsky's Enigma2000
which is a JavaScript encryption app running on an offline Raspberry Pi
with a touchscreen.

https://www.cs.rit.edu/~ark/parallelcrypto/enigma2000/

If someone would write a JavaScript OpenPGP app which works like
Enigma2000, one could attach a USB stick to store an armored message,
unplug it, set the write protect switch and insert the USB stick into a
public computer. We would have a secure OpenPGP messaging device, not
requiring an expensive smartphone nor a laptop to carry around.

It could be done as a Kickstarter project (Raspi + touchscreen as one
device + JavaScript code).

Well, just a thought and hopefully a talented coder and hardware
tinkerer could make this happen.

Regards
Stefan

--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas

Re: Slightly OT - mobile OpenPGP usage
On 28/08/2019 00:41, Chris Narkiewicz via Gnupg-users wrote:
> This is not true. Many crypto systems are designed to perform damage
> control and recovery in such cases.

Damage control in the case of GnuPG would be using a smartcard: while
you are using the smartcard, so can the attacker, but once you pull the
smartcard and no longer use the compromised system, the attacker no
longer has access to the key.

In this scenario it makes sense to have an offline primary key: while
the attacker can issue data signatures and decrypt your files, they
cannot change your key, e.g., add another signing subkey to be used
later when the smartcard is no longer available to the attacker.

Recovery... well, damage control already implied there was damage, and
recovery even more so. Stefan asked for a "best strategy for using
OpenPGP [...]". I did not interpret that as asking for how to limit
damage, but rather to avoid it.

Whether a compromise is game over depends on your scenario. However,
what is quite often asked for here is some way to use a compromised
system without compromising confidentiality of encryption or without
enabling an attacker to issue data signatures. These things cannot be
done on a system where the attacker has control over the whole computer
(root access, in *nix parlance, or hypervisor access). If you can show
me an example where the attacker has full access to a computer and a
user can still do decryption and issue signatures *on that computer*
while maintaining confidentiality and signature integrity, I'd love to
hear about it. However, I've heard many wrong solutions, so in actuality
I don't think I would love to hear about it, because it sounds like a
waste of time.

Here are two obviously wrong ones.

"Provide explicit confirmation of each signature issued by a smartcard
with an external button".

Attacker's solution: pretend something went wrong, and make the user do
the actions again. Nothing actually went wrong, the user issued two
signatures. Social engineering to the rescue. Or, demise.

When they're sending an e-mail, simply make it look like the mail client
crashed just after they confirmed the signature, for instance.

The confirmation button doesn't ensure signature integrity, it is
damage control.

"Provide explicit confirmation of decryption with smartcard".

Whenever user decrypts something, store the decryption key in a
database. When the user decrypts the same file twice, use the stored
decryption key and decrypt that interesting file the attacker wants to
read instead.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
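The set-up Daniel asked about (primary secret key kept offline, only subkeys on the portable keyring), which Andrew, Wiktor and Peter discuss above, is easy to build and to test with GnuPG alone. The script below is an added example, not part of the thread and not taken from GnuPG's documentation. It assumes GnuPG 2.1 or later on PATH, uses a throwaway identity (Alice Example <alice@example.org>) in temporary home directories, and leaves the demo keys without a passphrase, which a real key must never be. It then verifies the two properties Peter's damage-control argument rests on: the portable keyring can still issue signatures, but it cannot change the key (here: add a subkey) because that needs the primary secret key, which was never exported.

```shell
#!/bin/sh
# Added example, not from the thread or from GnuPG's documentation: build the
# "offline primary key, subkeys only on the portable keyring" set-up and
# verify what the portable keyring can and cannot do. Assumes GnuPG 2.1+ on
# PATH. Keys are throwaway and unprotected (empty passphrase) for the demo only.
set -eu

command -v gpg >/dev/null 2>&1 || { echo "gpg not found, nothing to do" >&2; exit 0; }

WORK=$(mktemp -d)
OFFLINE="$WORK/offline"   # stands in for the air-gapped machine
MOBILE="$WORK/mobile"     # stands in for the laptop or phone keyring
mkdir -m 700 "$OFFLINE" "$MOBILE"

cleanup() {
  gpgconf --homedir "$OFFLINE" --kill gpg-agent 2>/dev/null || true
  gpgconf --homedir "$MOBILE" --kill gpg-agent 2>/dev/null || true
  rm -rf "$WORK"
}
trap cleanup EXIT

# Unattended gpg: loopback pinentry with an empty passphrase (demo only).
G() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# 1. Offline machine: certify-only primary key, then one signing and one
#    encryption subkey. The primary is only ever used to certify (user IDs,
#    subkeys, other people's keys).
G --homedir "$OFFLINE" --quick-generate-key 'Alice Example <alice@example.org>' ed25519 cert never
FPR=$(gpg --homedir "$OFFLINE" --batch --with-colons -K | awk -F: '$1=="fpr"{print $10; exit}')
G --homedir "$OFFLINE" --quick-add-key "$FPR" ed25519 sign never
G --homedir "$OFFLINE" --quick-add-key "$FPR" cv25519 encr never

# 2. Export only the subkeys' secret material and import it on the portable
#    keyring. The export carries a stub for the primary key; its secret part
#    never leaves $OFFLINE. The bundle is still secret: protect it in transit.
G --homedir "$OFFLINE" --export-secret-subkeys "$FPR" > "$WORK/subkeys.gpg"
G --homedir "$MOBILE" --import "$WORK/subkeys.gpg"

# 3. Properties of the portable keyring.

# primary_is_stub: field 15 of the sec record is '#' when only a stub of the
# primary secret key is present (what `gpg -K` prints as "sec#").
primary_is_stub() {
  gpg --homedir "$MOBILE" --batch --with-colons -K \
    | awk -F: '$1=="sec"{print $15; exit}' | grep -qx '#'
}

# can_sign: the signing subkey works without the primary key.
can_sign() {
  printf 'hello\n' | G --homedir "$MOBILE" -u "$FPR" --detach-sign --armor >/dev/null
}

# cannot_add_subkey: adding a subkey needs the primary secret key, so this
# must fail here. An attacker who owns the portable machine is limited to what
# the subkeys can do while they are present; they cannot extend the key.
cannot_add_subkey() {
  if G --homedir "$MOBILE" --quick-add-key "$FPR" ed25519 auth never 2>/dev/null; then
    return 1
  fi
  return 0
}

main() {
  primary_is_stub   && echo "primary key on portable keyring is a stub: ok"
  can_sign          && echo "signing with the subkey works: ok"
  cannot_add_subkey && echo "adding a subkey without the primary fails: ok"
}
main
```

With a smartcard the same split applies, only the subkeys' secret material lives on the card instead of in `$MOBILE`; the primary key stays offline either way, which is what keeps an attacker on the portable machine from adding a subkey of their own.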
Re: Slightly OT - mobile OpenPGP usage
On 28/08/2019 12:07, Peter Lebbing wrote:
> Whether a compromise is game over depends on your scenario.

Sorry, I meant, it depends on your definition of "game over", definitely
*not* on the scenario.

I think it is perfectly acceptable to say "compromise = game over", the
only way I see that could be wrong is if you have a different idea of
what game over means.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
Re: Slightly OT - mobile OpenPGP usage
Daniel Clery wrote:

Hi,

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256

[snip]

> -----BEGIN PGP SIGNATURE-----
> Version: Mailvelope v4.1.0
> Comment: https://www.mailvelope.com

I just noticed that you use Mailvelope on your site, awesome!

Can you please tell me what web mailer you have installed in
order to run Mailvelope on your own domain?

I recently started to use Mailvelope, with several email providers,
and find it pretty awesome.

Regards
Stefan

--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas


Re: Slightly OT - mobile OpenPGP usage
> On 31 Aug 2019, at 11:45, Stefan Claas via Gnupg-users <gnupg-users@gnupg.org> wrote:
>
> Can you please tell me what web mailer you have installed in
> order to run Mailvelope on your own domain?

I recently migrated from squirrelmail to roundcube on my own domain and I would recommend it. Mailvelope will support any roundcube installation if you add the appropriate domain to its whitelist.

I have found though that while Mailvelope works well with manually imported or generated private keys, its integration with gnupg for e.g. smart card support is very sketchy due to lack of gpgme-json packaging in the major distributions. DKG has been trying to push it in Debian but afaict there isn't a package available yet.

A
Re: Slightly OT - mobile OpenPGP usage
Andrew Gallagher wrote:

>
> > On 31 Aug 2019, at 11:45, Stefan Claas via Gnupg-users
> > <gnupg-users@gnupg.org> wrote:
> >
> > Can you please tell me what web mailer you have installed in
> > order to run Mailvelope on your own domain?
>
> I recently migrated from squirrelmail to roundcube on my own domain and I
> would recommend it. Mailvelope will support any roundcube installation if you
> add the appropriate domain to its whitelist.

Awesome!!! Thanks a lot!

Regards
Stefan

--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas

