Ubuntu: How to protect PGP key details against being snooped?


I haven't found an answer to the following.

Hypothesis: If someone gets physical access to my computer, how would I make sure that they (the ones snooping around) do not find my PGP details, like keys or email addresses that are linked to keys?

Is the only and best solution to encrypt your whole hard drive and hope that your password is strong enough? Or can you just keep your PGP key details hidden on an encrypted volume, and take them out when you want to encrypt or decrypt some message?

I haven't been able to prove the latter.


As with all infosec-related questions, the first thing to consider is who the attacker is that you want to mitigate. Then, elaborate the possible attacks he might perform, and how much effort your data is worth to him.

You will never be able to prove safety. You'd need to prove the safety not only of the whole software in use (including the operating system and application software), but also of the hardware and cryptographic algorithms in use. Right now, science is still struggling to prove very minor snippets of software, far away from proving GnuPG or similar applications.

All you can do is consider possible (known, expected) attack vectors, select by the value of your information to the attacker and apply appropriate countermeasures. To get the maximum extent of security, consider using an offline machine not connected to any computer networks inside a protected vault. Does not seem appropriate? Very likely it isn't, but you'll have to choose somewhere between convenience (and cost effectiveness) and safety.

Encrypted Hard Drive

Altogether, not even encrypting your hard drive will be safe if you put your machine into sleep mode and the attacker is able to read the memory (with a large amount of effort), or even modifies/backdoors your hardware (or simply gets hold of the running machine while it's unlocked). Malware-infected software will obviously also expose your private keys.

Encrypting your hard drive, including swap space, is probably enough against most attackers.

Encrypted GnuPG Home Directory

If you only want to be sure a "casual" attacker (no special hardware support, not much deeper than "off-the-shelf" IT knowledge) or thief of your computer does not get access to the information stored in your GnuPG keyring, an encrypted volume should be fine. Possible attack vectors I can imagine:

  • temporary files left over
  • your mail store, which contains encrypted/signed mails
  • malware that accesses your keyring while it's unlocked/sniffing your passphrase
  • admin users accessing your keyring while it's unlocked/sniffing your passphrase
  • ...
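As an added check (example code written for this page, not from the answer's author or from GnuPG), the script below inspects three of the weak points discussed above on a Linux machine: swap that is not on an encrypted device (private-key material can be paged out there), a GnuPG home directory that does not sit on a dm-crypt-backed filesystem, and a GnuPG home readable by other users. It assumes cryptsetup/LUKS-style dm-crypt, where the device-mapper UUID in `/sys/block/dm-N/dm/uuid` starts with `CRYPT-`, and reads `/proc/swaps` and `/proc/mounts`. The parsing functions take text so they can be run on the constructed sample data embedded in the file; `main()` feeds them live system data.

```python
#!/usr/bin/env python3
"""Exposure check for a GnuPG home directory on Linux (added example).

Flags: swap not on dm-crypt, GNUPGHOME not on a dm-crypt-backed mount,
and a GNUPGHOME with group/other permission bits set.
"""
import os
import sys

# cryptsetup sets the device-mapper UUID of a dm-crypt mapping to "CRYPT-<type>-<uuid>-<name>".
DM_CRYPT_PREFIX = "CRYPT-"

# Constructed sample data (not captured from a real machine): an unencrypted swap
# partition, a zram swap, an encrypted root, but /home on a plain partition.
SAMPLE_SWAPS = (
    "Filename Type Size Used Priority\n"
    "/dev/sda3 partition 8388604 0 -2\n"
    "/dev/zram0 partition 1048572 0 100\n"
)
SAMPLE_MOUNTS = (
    "/dev/mapper/cryptroot / ext4 rw,relatime 0 0\n"
    "/dev/sda1 /boot ext4 rw,relatime 0 0\n"
    "/dev/sda2 /home ext4 rw,relatime 0 0\n"
)
SAMPLE_DM_UUIDS = {"/dev/mapper/cryptroot": "CRYPT-LUKS2-0123456789abcdef-cryptroot"}


def parse_proc_swaps(text):
    """Return swap device/file paths from /proc/swaps-formatted text (header skipped)."""
    return [line.split()[0] for line in text.splitlines()[1:] if line.split()]


def parse_proc_mounts(text):
    """Return (device, mountpoint) pairs from /proc/mounts-formatted text."""
    pairs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2:
            # /proc/mounts escapes spaces in mountpoints as \040
            pairs.append((fields[0], fields[1].replace("\\040", " ")))
    return pairs


def mount_for(path, mounts):
    """Longest-prefix match: the (device, mountpoint) pair whose mountpoint contains path."""
    path = os.path.abspath(path)
    best = None
    for dev, mp in mounts:
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) > len(best[1]):
                best = (dev, mp)
    return best


def read_dm_uuid(device):
    """Live lookup: device-mapper UUID of a block device, or None if it is not a dm device."""
    real = os.path.realpath(device)  # /dev/mapper/foo -> /dev/dm-3
    sysfs = f"/sys/block/{os.path.basename(real)}/dm/uuid"
    try:
        with open(sysfs) as fh:
            return fh.read().strip()
    except OSError:
        return None


def is_dm_crypt(device, dm_uuid_of):
    """True if dm_uuid_of(device) identifies a dm-crypt mapping."""
    uuid = dm_uuid_of(device)
    return bool(uuid) and uuid.startswith(DM_CRYPT_PREFIX)


def permission_findings(gnupg_home, mode):
    """GnuPG expects its home to be 0700; any group/other bits are a finding."""
    if mode & 0o077:
        return [f"{gnupg_home} has mode {oct(mode & 0o777)}; expected 0o700"]
    return []


def run_checks(gnupg_home, swaps_text, mounts_text, dm_uuid_of, home_mode):
    """Return a list of human-readable findings (empty list means nothing found)."""
    findings = []
    mounts = parse_proc_mounts(mounts_text)
    for swap in parse_proc_swaps(swaps_text):
        if swap.startswith("/dev/zram"):
            continue  # compressed RAM-backed swap never reaches disk
        backing = swap
        if not swap.startswith("/dev/"):  # swap file: judge by the filesystem it lives on
            m = mount_for(swap, mounts)
            backing = m[0] if m else swap
        if not is_dm_crypt(backing, dm_uuid_of):
            findings.append(f"swap {swap} is not on dm-crypt; key material may be paged out")
    mount = mount_for(gnupg_home, mounts)
    if mount is None:
        findings.append(f"no mount found for {gnupg_home}")
    elif not is_dm_crypt(mount[0], dm_uuid_of):
        findings.append(f"{gnupg_home} is on {mount[0]} ({mount[1]}), not a dm-crypt device")
    findings.extend(permission_findings(gnupg_home, home_mode))
    return findings


def main():
    home = os.environ.get("GNUPGHOME", os.path.expanduser("~/.gnupg"))
    with open("/proc/swaps") as fh:
        swaps = fh.read()
    with open("/proc/mounts") as fh:
        mounts = fh.read()
    findings = run_checks(home, swaps, mounts, read_dm_uuid, os.stat(home).st_mode)
    for finding in findings:
        print("WARNING:", finding)
    if not findings:
        print(f"OK: swap and {home} are dm-crypt backed and the home is mode 0700")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it as `GNUPGHOME=/media/secret/gnupg python3 gnupg_exposure_check.py` after mounting the encrypted volume. It only covers the at-rest side of the answer: it says nothing about a keyring that is currently unlocked, a passphrase cached by gpg-agent, or temporary files, which the list above also names.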
