
Strategies for offline PGP key storage

Posted Oct 3, 2017 10:11 UTC (Tue) by ngiger@mus.ch (subscriber, #4013)
Parent article: Strategies for offline PGP key storage

Did you look at https://www.crowdsupply.com/nth-dimension/signet? It looks to me like a good compromise between ease of use and privacy.


Strategies for offline PGP key storage

Posted Oct 3, 2017 11:31 UTC (Tue) by anarcat (subscriber, #66354) [Link] (1 responses)

I have. Signet is interesting because it runs a similar platform to the FST-01 (STM32L442 microcontroller, while the FST-01 uses STM32F103) so presumably, it may be possible to port Gnuk to it. However, the application deployed on Signet by default is *only* a password manager from what I can tell. Furthermore, Signet is not in production at the time of writing; the crowdfunding is not over yet.

Strategies for offline PGP key storage

Posted Oct 4, 2017 23:35 UTC (Wed) by nnesse (guest, #118902) [Link]

Hi, I am the creator of Signet. I just wanted to say that I am very interested in adding more cryptographic functions to the device. Its internal database is flexible enough that PGP key storage could be done as an add-on. There is a bit of a balancing act in terms of the space needed to store GPG keys and algorithms as well as the data and algorithms for password management, but I think there is room for it all. This is something I will probably develop once I've completed all the features I've already promised. I wasn't aware of Gnuk before. I may incorporate it directly or consider making a compatible interface.

Strategies for offline PGP key storage

Posted Oct 3, 2017 13:40 UTC (Tue) by eahay (guest, #110720) [Link] (7 responses)

Another option is a NitroKey https://www.nitrokey.com

Strategies for offline PGP key storage

Posted Oct 3, 2017 19:54 UTC (Tue) by dd9jn (✭ supporter ✭, #4459) [Link] (3 responses)

Depending on the model, Nitrokey either uses the Gnuk software or a standard OpenPGP card from Zeitcontrol for public key operations.

Strategies for offline PGP key storage

Posted Oct 3, 2017 19:58 UTC (Tue) by anarcat (subscriber, #66354) [Link] (2 responses)

I encourage people to wait for the next article in the series before discussing the details of all those keycards. In the next article, I will review the Nitrokey PRO, the FST-01, the Yubikey 4 and NEO, including benchmarks and cute graphics. Stay tuned! :)

Strategies for offline PGP key storage

Posted Oct 5, 2017 2:51 UTC (Thu) by Trelane (subscriber, #56877) [Link]

awesome! I'm looking forward to it.

Strategies for offline PGP key storage

Posted Oct 5, 2017 6:34 UTC (Thu) by intrigeri (subscriber, #82634) [Link]

Excellent, thanks!

Strategies for offline PGP key storage

Posted Oct 3, 2017 22:14 UTC (Tue) by dsommers (subscriber, #55274) [Link] (2 responses)

I do have Nitrokey Pro and it worked wonderfully well on my Scientific Linux 7.3 box (not too fast, but I can survive that); it wasn't too easy to get it working, though - I remember I needed some tweaks.

But after I switched to RHEL 7.4, gpg --card-status gives me "Card error" - BUT running openpgp-tool works! So it seems gpg is grumpy about it for some reason. Anyone got a good idea what could be the issue? I might have forgotten a silly step, but can't figure out what it could be.

Strategies for offline PGP key storage

Posted Oct 5, 2017 4:53 UTC (Thu) by jans (guest, #108889) [Link] (1 responses)

I suspect this is related to access restrictions and usually is solved by proper UDEV rules. See these instructions.

Strategies for offline PGP key storage

Posted Oct 5, 2017 9:22 UTC (Thu) by dsommers (subscriber, #55274) [Link]

Thank you! I actually had those rules installed. But there was a slight detail I hadn't noticed until your comment. The udev rules use GROUP="plugdev", a group name which does not exist on RHEL. I changed that to a group which exists and makes more sense on my setup, and it worked.

Again, thank you!
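
The failure described in the comment above, a udev rule assigning GROUP="plugdev" on a system where that group does not exist, can be checked for mechanically. This is an added example, not code from the thread or from any vendor; the function names, the sample rule file and its placeholder USB ID are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reports udev GROUP= assignments that name
# a group missing from a group database (the failure described above).
# Usage: missing_udev_groups GROUP_FILE RULES_FILE...
# Prints "file:line: group" per finding; exit status 1 if any were found.
missing_udev_groups() {
    group_file=$1; shift
    awk -v gf="$group_file" '
        BEGIN {
            bad = 0
            # Known group names are the first colon-separated field.
            while ((getline line < gf) > 0) { split(line, f, ":"); known[f[1]] = 1 }
            close(gf)
        }
        /^[ \t]*#/ { next }                      # comment line
        {
            rest = $0
            # Assignments are GROUP="x" or GROUP:="x"; GROUP=="x" is a comparison.
            while (match(rest, /GROUP:?="[^"]*"/)) {
                name = substr(rest, RSTART, RLENGTH)
                rest = substr(rest, RSTART + RLENGTH)
                sub(/^GROUP:?="/, "", name); sub(/"$/, "", name)
                if (name ~ /^[0-9]+$/) continue  # numeric GID, no name lookup
                if (!(name in known)) {
                    printf "%s:%d: %s\n", FILENAME, FNR, name
                    bad = 1
                }
            }
        }
        END { exit bad }
    ' "$@"
}

# Constructed sample input: a RHEL-like group file without plugdev and a rule
# file with a placeholder USB ID (not a real vendor rule file).
demo_missing_udev_groups() {
    tmp=$(mktemp -d) || return 1
    printf 'root:x:0:\nwheel:x:10:\nusers:x:100:\n' > "$tmp/group"
    cat > "$tmp/70-token.rules" <<'EOF'
# constructed example rule
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0000", MODE="0660", GROUP="plugdev"
ACTION=="add", SUBSYSTEM=="usb", GROUP=="users", MODE="0660", GROUP:="wheel"
EOF
    missing_udev_groups "$tmp/group" "$tmp/70-token.rules" | sed "s|^$tmp/||"
    rm -rf "$tmp"
}
demo_missing_udev_groups
```

On a real system, pass a file produced by `getent group` so that groups served from a directory service are included, and point the function at the files under /etc/udev/rules.d/.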


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds