Image of the glider from the Game of Life by John Conway
Skip to content

My GnuPG Locality Problem

I ran into a problem. I need to have GnuPG wherever I am, mainly due to the fact that I need to digitally sign my email wherever I go. I need my GPG key with me.

However, I do not want to install my GPG key on every PC I work on (work, school, etc.). I don't want to carry my GPG key with my on my USB thumb drive. If I lose that, I'm hosed. Talk about compromising my security. I can generate revocation certs if I lose the key, or if it gets compromised, but I want to avoid that as much as possible. I could also generate another key, but again, if one gets compromised or lost, I need to generate a revocation cert, and I just don't want to do that.

Also, I want to make this as easy as possible. I could SSH into the box containing my key, write my email, sign it with my private key, then SCP the signed text to my physical location, but that's just a pain, and very inconvenient. There has to be an easier way. I would like to use Enigmail in Thunderbird, and KGpg if at all possible.

So, I have a problem. I need to have the ability to use my GPG key safely and securely, regardless of where I am physically located, but I need to be smart about it. I have come up with a solution, and I think it's rather ingenious. But, before I go into what I did to have my key with me, I'm curious what you would do. So, here's the problem for the day:

What would you do to be able to use GPG wherever you are? Comment below.

I'll post my solution tomorrow.

{ 19 } Comments

  1. Kyle Brantley | February 19, 2007 at 4:44 pm | Permalink

    Keep your private key on all of the computers, but locked up in an ext2-formatted loopback device, encrypted with the above utility. End result, you'll have to type in a passphrase (or provide a filename containing data) in order to even gain access to your private key. From there, of course, you have to input your password for your private key.

    Admittedly, all this really is, is covering the problem with more of the problem, but to the same extent, just name the file (containing an encrypted filesystem which is mounted via loopback device, which then contains the private key...) something non-obvious and it works quite well. "random-entropy" or something.

    That's what I use for mine, and it works well.

  2. Hobbsee | February 19, 2007 at 5:01 pm | Permalink

    In the case of signing packages, which is related, you can just use debsign -r.

    I know it's not terribly helpful for you, but it probably is for any packagers who read this 🙂

  3. Hans | February 19, 2007 at 5:33 pm | Permalink

    ssh falcon -t mutt

  4. Fabian Rodriguez | February 19, 2007 at 7:14 pm | Permalink

    I think you are really meaning OpenPGP, not GPG...

    I have several solutions I use depending on the degree of portability I want and how "hackable" the environment I arrive at is (friend, parents, colleague, cafe, etc.)

    For me the most secure is having a big USB-bootable key with an encrypted partition/loopback that contains the key (and other information).

    I am thinking about putting a copy of the loopback encrypted file on my cell phone (which has 24mb available). Most modern cellphones appear as USB storage devices and hold quite a bit of memory. Cameras and audio players can also be used for the same purpose. I'd suggest playing with FreeOTFE and/or TrueCrypt if you want an encrypted file container you can open in WinXX systems.

  5. Don McArthur | February 19, 2007 at 7:58 pm | Permalink

    ssh -X

  6. ion | February 19, 2007 at 8:11 pm | Permalink

    just name the file (containing an encrypted filesystem which is mounted via loopback device, which then contains the private key…) something non-obvious and it works quite well. “random-entropy” or something.

    More like security through obscurity. 🙂

  7. Aaron | February 19, 2007 at 9:05 pm | Permalink

    Kyle & Fabian-

    The encrypted loopback is something that I hadn't thought of, and is a very viable solution. However, as ion mentioned, it's just security through obscurity. I believe I've found a solid solution.


    No, I don't mean OpenPGP. I mean GnuPG.


    That works, and a decent solution. However, the X through SSH is a bandwidth issue, and slow, as my upload connection is minimal. I'd like to minimize the bandwidth, if possible. I think I've found it.

  8. bob | February 19, 2007 at 10:07 pm | Permalink

    I agree with Hans. Mutt/screen/ssh

  9. Andreas Olsson | February 20, 2007 at 1:59 am | Permalink

    Myself I mount my homeserver:~./gnupg using sshfs. Well, it is not something I I'd do from any computer, but from some which I at least kind of trust.

  10. Marius Gedminas | February 20, 2007 at 3:47 am | Permalink

    I wonder if you can write a gpg wrapper that actually sshs into your server and runs gpg there. Might be tricky when there are extra file descriptors used for passphrase input from GUI apps, but ought to be doable somehow.

    I use ssh + mutt personally.

  11. Tobias Rapp | February 20, 2007 at 4:38 am | Permalink

    A cite from the GnuPG Card HowTo:

    To work with GnuPG on different machines (private PC, at work, with laptop etc.) the secret key has to be present on every machine. Distributing the secret key to a lot of different machines does not support its secrecy. Especially at work where other people have root access on your machine it is not save to store your secret key. Starting with version 1.3.3 GnuPG supports smart cards to save your keys.

    When using a smartcard your private key will not leave the card. Thus it is perfectly suited for your needs.

    So if you live in Europe just become a member of the FSF Europe Fellowship and you will get such a nice smartcard to protect your privacy 🙂

    Else you might fetch an OpenPGP compatible card from some online store.

  12. Jonas | February 20, 2007 at 4:43 am | Permalink


    How many computers include a smart card reader though?

  13. Matthew East | February 20, 2007 at 6:44 am | Permalink

    Webmail over https?

  14. Aaron | February 20, 2007 at 7:21 am | Permalink


    A smart card is a perfect solution. However, I don't want to use another key, but rather, just use my own. I don't know if this is possible with the smart card or not. Also, can I get a smart card without joining an organization?

  15. Daniel Silverstone | February 20, 2007 at 7:46 am | Permalink

    I sat down, thought about the problem, and then researched crypto which would help.

    Clearly the concerns about losing your USB key with your GPG keys on it are valid. So here's my solution

    1. Using a little python and tmpfs magic, make it so that when you plug your thumbdrive into your machine it runs a script to prepare your gpg key and put it in the tmpfs.

    2. Using GFShare (a library and toolset I wrote) split your key into 'secret shares' which are then distributed around your computer, laptop and usb key.

    3. Profit (or be secure, or something)

    As a reference, I keep my GPG keys as a three-of-five split. One share on my desktop, one on my laptop, one on my home server, two on the usb drive.

    That way, the usb drive plus any of m y machines lets me at my key, but if I lose the thumbdrive, the thief gets nothing and I can reconstruct my key with my three computers and then make a fresh set of shares, deleting the old ones to ensure the compromise cannot occur with the lost shares.

    My website carries the GFShare software along with a lot of the maths explained. The codebase carries a lovely paper written in LaTeX which explains the maths behind it and goes on to prove that it's all right.

    I hope your solution is as effective as this, otherwise, perhaps you should consider something like this 🙂 Naturally, if your idea is more clever then I'd love to know it so I'll be looking again tomorrow.

  16. Tobias Rapp | February 20, 2007 at 8:29 am | Permalink


    You should not need to generate a new key (although generating sub-keys of your main key on the smartcard is preferred in the HowTos). To move the existing key to the card one might call:

    $ gpg --edit-key 0x12345678

    and then do a

    command> keytocard

    But I must admit that I have not tested that procedure personally.

    You can buy a smartcard at Kernel Concepts. They also sell card readers. But if you have a lot of computers and do not want to take a USB reader with you all the time this solution can get expensive, I agree. I use my smartcard on just two computers (home, work) so that was no big problem...

  17. Soren Hansen | February 20, 2007 at 8:50 am | Permalink

    You're looking for libgfshare. It's based on Adi Shamir's Secret Sharing algorithm (Shamir put the S in RSA). It allows you take a confidential piece of data and generate n pieces of data where any m of these n pieces are required to reassemble the original data.

    Say you have a USB key, a laptop machine and a desktop machine.

    You can then split up your GPG key into three parts, requiring two parts to reassemble. You put a part on each of the USB, laptop and desktop.

    Whenever you need your GPG key, you plug in the USB stick and have your GPG key assembled. When you remove the USB stick, the assembled key could be deleted.

    If your USB stick is stolen, the thief will have a useless piece of data and you will still have two pieces left (one on your laptop and one on your desktop) and will be able to reassemble the GPG key and create a new share set.

    libgfshare was developed by Daniel Silverstone, is free software (an MIT-like license) and can be found here:
    and in the libgfshare{1,-bin} packages in Ubuntu.

    I've created a desktop daemon thing that listens for plugin events from hal waiting for a USB stick to be inserted and when that happens it searches for pieces that can be used to reconstruct certain files. It also takes care of deleting assembled file again when the USB stick is removed. It was my first python project so it's probably ugly as ****, so I'll have to clean it up a bit before I release it, but until then you can just use libgfshare as it is (there are binaries included).

    Have fun!

  18. Soren Hansen | February 20, 2007 at 9:16 am | Permalink

    Typical. I started writing my comment, went to a lecture, came back and finished it, sent it and in the meanwhile, Daniel Silverstone has told you about libgfshare himself. Oh well.. 🙂

  19. Aaron | February 20, 2007 at 9:40 am | Permalink

    I have to admit that libgfshare is superior to the solution that I came up with. Splitting up the key, and having the ability to recreate it is nice, no doubt.

    However, I'm still proud of what I thought of, so I'll be interested in what others think come here in about 6 hours.

{ 3 } Trackbacks

  1. [...] you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!Yesterday, I provided a problem about how to use my GnuPG key regardless of my location. In reality, there are only 3 computers [...]

  2. [...] I provided a problem about how to use my GnuPG key regardless of my location. In reality, there are only 3 computers [...]

  3. [...] Aaron Toponce » Blog Archive » My GnuPG Locality Problem interesting discussion on how to handle GPG keys from multiple locations while maintaining security [...]

Post a Comment

Your email is never published nor shared.