Changes between Initial Version and Version 1 of Ticket #9443, comment 5


Ignore:
Timestamp:
Sep 12, 2013, 6:47:59 PM (7 years ago)
Author:
isis
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #9443, comment 5

    initial v1  
    1010Actually, it occurs to me that these things can be combined. Here's what I am going to do:
    1111
    12   1. Primary keypair:
     12  0. Long-Term Identity Keypair:
     13     - RSA 16384-bit
     14     - Usage: C
     15     - Storage:
     16       - Private Key: Offline, probably in pieces, using some variant of Shamir's Secret Sharing Scheme such that some N out of K people are needed to decrypt it.
     17       - Public Key: Well, the keyservers will puke if I try to feed this key to them, so I'm going to put it on https://bridges.torproject.org/key.asc and set the `"Preferred Keyserver" for all keys 0-3 to that URL.
     18     - Lifetime: Indefinite
     19  1. Primary Keypair:
    1320     - RSA 4096-bit
    14      - Stored: Offline, not on a smartcard, because apparently we can't put it on a smartcard, not even if we reduce it to 3072-bit.
    15      - Lifetime: indefinite
    16      - I could make it be an 8192-bit key, though I am not sure how far back GnuPG allows this keysize (it's at least a couple years now), and I have no idea if PGP or APG will handle it correctly.
     21       - I could make it be an 8192-bit key, though I am not sure how far back GnuPG allows this keysize (it's at least a couple years now), and I have no idea if PGP or APG will handle it correctly.
     22     - Usage: C
     23     - Storage:
     24       - Private Key: Offline. Not on a smartcard, because apparently we can't put it on a smartcard, not even if we reduce it to 3072-bit.
     25       - Public Key: Online, on ponticum. We have to do this because GnuPG won't allow subkeys to be detached entirely from their primary keypair. (Although there is a [http://atom.smasher.org/gpg/gpg-migrate.txt neat trick] for turning primary keys into subkeys and vice versa, involving bitflipping the [https://tools.ietf.org/html/rfc4880#section-4.2 bit 3 in the first octet] of the [https://tools.ietf.org/html/rfc4880#section-5.5.1.3 Secret Key Packet] to modify the [https://tools.ietf.org/html/rfc4880#section-4.3 packet tag header] which says whether it's a subkey or not.
     26     - Lifetime: 1 year (it should be rotated because it is kept online)
    1727     - UID 1: `BridgeDB <bridges@bridges.torproject.org>`
    18      - UID 2: photoID, containing QR code of the fingerprint of secret portion of Primary keypair
     28     - UID 2: photoID, containing link to https://bridges.torproject.org/verify.html (''NOTE: I'm not sure about this one yet.'')
    1929     - Certification Notation: `bridges@bridges.torproject.org=<primary key fingerprint>`
    2030     - Certification Notation: `verified@bridges.torproject.org=<fingerprint of the key we're certifying>`
    2131     - Certification Notation: `certified.count@bridges.torproject.org=<number of certifications>`
    22   2. Signing subkey:
     32  2. Signing Subkey:
    2333     - RSA 4096-bit
    24      - Stored: online, on ponticum.
     34     - Usage: S
     35     - Storage:
     36       - Private Key: Online, on ponticum.
     37       - Private Key: Online, on ponticum.
    2538     - Lifetime: 1 year
    2639     - Signature notation: `bridges@bridges.torproject.org=<primary key fingerprint>`
     
    2841     - Signature notation: `signed.data@bridges.torproject.org=<filename signed>`
    2942  3. Encryption Subkey:
    30      - Same as signing subkey, without the notations.
     43     - RSA 4096-bit
     44     - Usage: E
     45     - Storage:
     46       - Private Key: Online, on ponticum.
     47       - Private Key: Online, on ponticum.
     48     - Lifetime: 1 year
     49
     50I have also been considering designating the long-term identity key (0) as a revoker for the signing (2) and encryption (3) keys, and then destroying the private portion of the second certification key (1).