Bug 279224 - Kleopatra feature request: should encrypt exported certificates
Status: REPORTED
Alias: None
Product: kleopatra
Classification: Applications
Component: general
Version: 2.0.8
Platform: unspecified Linux
Importance: LO wishlist
Target Milestone: ---
Assignee: kdepim bugs
Reported: 2011-08-02 23:11 UTC by jonathan ferguson
Modified: 2013-05-08 13:00 UTC

Description jonathan ferguson 2011-08-02 23:11:33 UTC
Version:           2.0.8 (using KDE 4.6.5) 
OS:                Linux

This is a feature request to encrypt GPG certificates when exporting private keys. As of Kleopatra 2.0.12, "File --> Export Secret Key..." will copy the GPG private key in an ASCII armored (if desired) format. This key is unencrypted, and at risk of compromise. Encrypting the key using a symmetric algorithm is easy to do with GPG, and would protect users who want/need to have their private keys on removable media, or in multiple active locations.

Exporting the public and private GPG keys in an encrypted fashion can be done using the following commands [1], for example:

gpg -K
gpg --output pubkey.gpg --export {KEYID}
gpg --output - --export-secret-key {KEYID} |\
 cat pubkey.gpg - |\
 gpg --armor --output keys.asc --symmetric --cipher-algo AES256

pinentry, if installed and configured, will prompt users for a symmetric AES256 passphrase. The resulting asc file will then be encrypted, and can be sent across a dangerous network, or written to, say, a Flash device. The UI should make clear that the password is encrypting the asc file only. At present, the help files for Kleopatra only say "File -> Export Secret Key..." should basically not be done. This is unhelpful to end users, and is comparatively easy to fix.

On a related note, eradicating stored data (in this case, the exported private GPG key) is the subject of debate [2,3,4]. Exporting the file in an encrypted fashion permits the UI to "do the right thing" even if a user is not well educated in cryptography. Of course, some explanatory text for the export dialog would serve users well. In these cases, "shred" is your friend. :-)

[1] http://montemazuma.wordpress.com/2010/03/01/moving-a-gpg-key-privately/

[2] http://en.wikipedia.org/wiki/Data_remanence

[3] http://www.nber.org/sys-admin/overwritten-data-gutmann.html

[4] http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/index.html

Thanks for making great software!

have a day.yad

jdpf

Reproducible: Always

Steps to Reproduce:
1. Launch Kleopatra.
2. Choose a "certificate"
3. Choose "File --> Export Secret Key..."
4. Read the resulting keyfile; it is the naked GPG private key.

Actual Results:  
The resulting keyfile is the naked GPG private key.

Expected Results:  
Resulting keyfile from "Export Secret Key..." should be AES encrypted. Like so:

gpg -K
gpg --output pubkey.gpg --export {KEYID}
gpg --output - --export-secret-key {KEYID} |\
 cat pubkey.gpg - |\
 gpg --armor --output keys.asc --symmetric --cipher-algo AES256


Example from http://montemazuma.wordpress.com/2010/03/01/moving-a-gpg-key-privately/

OS: Linux (x86_64) release 2.6.39-2-amd64
Compiler: gcc
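
Added example, not part of the bug report or of Kleopatra: a shell check that tells a bare secret-key export from one wrapped with `gpg --symmetric`, as the description above proposes, by reading the first OpenPGP packet tag of each file. The function names and the sample stubs are constructed for illustration, and it assumes `od`, `awk` and `base64 -d` are available.

```shell
# Added example, not from the bug report: report what the OUTER layer of an
# exported OpenPGP file is (bare secret key, public key, or encrypted message).
# first_packet_byte FILE: print the first OpenPGP packet byte in decimal.
first_packet_byte() {
    b=$(od -An -tu1 -N1 "$1" | tr -d ' \n')
    if [ "$b" = 45 ]; then   # '-': ASCII armor, decode the first base64 quad
        tr -d '\r' < "$1" |
            awk 'body && NF { print substr($0, 1, 4); exit } /^$/ { body = 1 }' |
            base64 -d 2>/dev/null | od -An -tu1 -N1 | tr -d ' \n'
    else
        printf '%s' "$b"
    fi
}

# classify_export FILE: print private-key, public-key, encrypted or unknown.
classify_export() {
    b=$(first_packet_byte "$1")
    case "$b" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    [ "$b" -ge 128 ] || { echo unknown; return 0; }     # bit 7 must be set
    if [ $(( b & 64 )) -ne 0 ]; then tag=$(( b & 63 ))  # new-format header
    else tag=$(( (b >> 2) & 15 )); fi                   # old-format header
    case "$tag" in
        5)        echo private-key ;;  # Secret-Key packet
        6)        echo public-key ;;   # Public-Key packet
        1|3|9|18) echo encrypted ;;    # session-key or encrypted-data packet
        *)        echo unknown ;;
    esac
}

# audit_exports DIR: list bare secret keys in DIR; returns 1 if any is found.
audit_exports() {
    found=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if [ "$(classify_export "$f")" = private-key ]; then
            echo "UNWRAPPED SECRET KEY: $f"; found=1
        fi
    done
    return "$found"
}

# make_samples DIR: constructed stubs (leading bytes only, not real keys).
make_samples() {
    printf '%s\n' '-----BEGIN PGP PRIVATE KEY BLOCK-----' '' 'lQOYAAAA' > "$1/naked.asc"
    printf '%s\n' '-----BEGIN PGP MESSAGE-----' 'Comment: constructed' '' 'jA0EAAAA' > "$1/keys.asc"
    printf '\225\003\230' > "$1/naked.gpg"     # 0x95: old format, tag 5
    printf '\214\015\004' > "$1/wrapped.gpg"   # 0x8C: old format, tag 3
}

if [ "$#" -gt 0 ]; then audit_exports "$1"; fi
```

Run it with a directory argument, such as the mount point of removable media, to list exports whose outer layer is a secret-key packet.
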
Comment 1 Emanuel Schütze 2013-05-08 13:00:14 UTC
Needs more discussion.