Using OpenPGP/GnuPG? How do you protect your Private Key?

I know a few people who store it on their laptops/workstations!

On the other end of the spectrum, I know a guy who split his key up into 3 parts, encrypted each part, printed them to paper (QR Code), and stores them offline in 3 different physical locations!

I'm curious as to what measures you take in storing/securing/protecting your Private Key(s)?

Offline (USB), Online!, Paper?

Comments

  • In my YubiKey Neo

    Thanked by 1elijahpaul
  • Create subkeys for general use, and keep the master key under a hardware encrypted USB stick in my home. I also keep a double encrypted version in Amazon's S3 (just in case).

    Thanked by 1elijahpaul
  • socials Member
    edited November 2014
    $ pwd && ll gpg*
    /home/soz
    -rw-r--r-- 1 soz users   44 Jun  4 14:23 gpg-ownertrust.txt
    -rw-r--r-- 1 soz users 3.6K May 28 01:35 gpg-private.txt
    -rw-r--r-- 1 soz users 1.7K Jun  4 14:31 gpg-public.txt

    As simple as that.

    Whole filesystem is encrypted though and I pretty much never take this laptop with me.

    Thanked by 1elijahpaul
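
The listing in the post above shows the exported `gpg-private.txt` with mode `-rw-r--r--`, which every local account can read. An added example, not part of the original thread, that finds ASCII-armored secret-key exports with group or other read bits set and restricts them to the owner; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a directory for ASCII-armored
# OpenPGP secret-key exports that group or other users can read.
# Binary (non-armored) exports are not detected by this check.

ARMOR='-----BEGIN PGP PRIVATE KEY BLOCK-----'

# Print each file under $1 (default: $HOME) that contains the armor header
# and is readable by group (0040) or by others (0004).
audit_key_exports() {
    find "${1:-$HOME}" -type f \( -perm -0040 -o -perm -0004 \) \
        -exec grep -lF -e "$ARMOR" {} + 2>/dev/null
    return 0   # grep exits non-zero when nothing matches; not an error here
}

# Restrict every file reported by the audit to owner read/write only.
tighten_key_exports() {
    audit_key_exports "$1" | while IFS= read -r f; do
        chmod 600 "$f" && printf 'chmod 600 %s\n' "$f"
    done
}

# Demo on constructed sample files in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n(constructed sample, not a real key)\n' "$ARMOR" \
        > "$d/gpg-private.txt"
    printf 'public material\n' > "$d/gpg-public.txt"
    chmod 644 "$d/gpg-private.txt" "$d/gpg-public.txt"
    echo "before:"; audit_key_exports "$d"
    tighten_key_exports "$d"
    echo "after:";  audit_key_exports "$d"
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then
    demo
fi
```
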
  • @Silvenga This is pretty much what I've done.

    @socials Are you not worried about this laptop getting damaged or stolen?

  • Raymii Member
    edited November 2014

    I have myself a nice little Free Software Foundation Europe Smartcard: https://fsfe.org/fellowship/card.en.html which holds my GPG (and a few other) keys, protected with a password of course.

    My machines all have either internal or external smart card readers. I have two backup smartcards in two different safes...

  • @Raymii

    That's a very good service. Here in my country, tokens are mostly used by corporations, not individuals.

    Thanked by 2elijahpaul netomx
  • Raymii said: I have myself a nice little Free Software Foundation Europe Smartcard

    This is very cool (and secure). Will check it out.

  • We recommend Yubikey Nano-n Premium for $60; you get a smart card token that fits inside of your USB port. Discreet and easy to hide. Smart Card tokens are the only real way to protect your private key from trojans. https://www.yubico.com/products/yubikey-hardware/

    Thanked by 1elijahpaul
  • rauppe31 Member, Host Rep

    @Raymii said:
    I have myself a nice little Free Software Foundation Europe Smartcard: https://fsfe.org/fellowship/card.en.html which holds my GPG (and a few other) keys, protected with a password of course.

    My machines all have either internal or external smart card readers. I have two backup smartcards in two different safes...

    Very nice. What external readers do you use?

  • This one: http://www.hidglobal.com/products/readers/omnikey/3121 - the laptops have an internal one. My Dell keyboard also has one built in.

  • Has anyone used fingerprints to secure the private key? I've seen more laptops with fingerprint readers than smart card scanners.

  • elijahpaul Member
    edited November 2014

    @Silvenga said:
    Has anyone used fingerprints to secure the private key? I've seen more laptops with fingerprint readers than smart card scanners.

    Since I use ThinkPads with fingerprint readers, this did cross my mind.

    I came across a piece of software that allowed you to use your fingerprint as your private key passphrase, but for the life of me I can't remember the name of it!

    EDIT: interesting answer to fingerprint security on security.stackexchange.com

  • elijahpaul said: EDIT: interesting answer to fingerprint security on

    I was thinking we would still use the passphrase. :P

    That Yubikey Neo is looking nice right now. It can act as a card reader for the majority of computers that don't have card readers and has the ability to secure my Keepass database.

  • Fingerprints are bad as passwords since you can't change them and leave them everywhere...
