public key revocation

#1  04-09-2008, 01:24 PM
public key revocation

Dear all,

I have a kind of stupid question. It is not possible to revoke a public
key if you do not have the private key anymore to generate the
revocation token. Sounds good, but could be very nasty if e.g. your
laptop is stolen and the private key, as well as the revocation token,
are on that computer and you don't have any backup of the files.

What would you do in such a situation? I mean, the files are secured by a
passphrase, but it's the easiest bit of work in hacking encrypted
messages to get the passphrase. This is, in my opinion, a tremendously
dangerous security issue, because you cannot revoke the public key, you
cannot do anything, just wait until your data gets hacked.

For other security measures, in such situations master keys exist to
revoke corrupted keys, like for the Infineon TPM software suite. Are
there any chances to do something like that in PGP or GPG?

Kind regards,
K. Maier
#2  04-09-2008, 02:13 PM
Re: public key revocation

Klaus Maier wrote:

> I have a kind of stupid question. It is not possible to revoke a
> public key if you do not have the private key anymore to generate
> the revocation token. Sounds good, but could be very nasty if
> e.g. your laptop is stolen and the private key, as well as the
> revocation token are on that computer and you don't have any backup
> of the files.


Klaus, I admit to very little sympathy at this point.

> What would you do in such a situation? I mean, the file are secured
> by a keyphrase, but it's the easiest bit of work in hacking
> encrypted messages to get the passphrase. This is, in my opinion, a
> tremendously dangerous security issue, because you cannot revoke the
> public key, you cannot do anything, just waiting until your data
> gets hacked.


If someone steals my PC, and actually cracks my passphrase, I'll have
to admit they've *earned* the data on my PC.

> For other security measures, in such situations master keys exist to
> revoke corrupted keys, like for the Infineon TPM software suit. Are
> there any chances to do something like that in PGP or GPG?


I hope not. I don't want anyone to have a master key to my key.

Did I miss something basic here? Is the remedy to this situation as
simple as immediately creating a revocation certificate (when one
creates a key), backing it up to floppy or CD or USB device or
whatever, then storing the backup in an offsite place (like a Safety
Deposit box)?

TomT
#3  04-09-2008, 02:32 PM
Re: public key revocation

In Message-ID:<65e72$47fcfbda$3e63cf1f$6955@news.inode.at>,
Klaus Maier wrote:

>I have a kind of stupid question. It is not possible to revoke a public
>key if you do not have the private key anymore to generate the
>revocation token. Sounds good, but could be very nasty if e.g. your
>laptop is stolen and the private key, as well as the revocation token
>are on that computer and you don't have any backup of the files.


That should not be a problem. Just restore your files from a
backup onto your new computer and publish the revocation. If your
house burns down taking your computer and backups with it, use
your offsite backups.

There is *no* good reason for anyone with a computer not to
have backups and offsite backups.

>the file are secured by a
>keyphrase, but it's the easiest bit of work in hacking encrypted
>messages to get the passphrase.


Only if you've chosen a weak passphrase. With a good
passphrase, your keyrings are safe from being used by anyone but
yourself. If it's a modern laptop with hardware encryption, the
thief will have a hard time (or an expensive process) getting to
any of your files.

--
Arthur T. - ar23hur "at" intergate "dot" com
Looking for a z/OS (IBM mainframe) systems programmer position
#4  04-09-2008, 05:53 PM
Re: public key revocation


Personally, I would highly advise having secure backups of your keypair
other than just on your PC.

An option that is more helpful in corporate settings is to have a
designated revoker for your key. That individual can then revoke your key
for you under such circumstances as you mention.

--
Tom McCune
My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

#5  04-10-2008, 03:24 AM
Re: public key revocation

TomT schrieb:
> Klaus Maier wrote:
>
>> I have a kind of stupid question. It is not possible to revoke a
>> public key if you do not have the private key anymore to generate
>> the revocation token. Sounds good, but could be very nasty if
>> e.g. your laptop is stolen and the private key, as well as the
>> revocation token are on that computer and you don't have any backup
>> of the files.

>
> Klaus, I admit to very little sympathy at this point.
>


The situation is as follows:
I am an administrator at a medium-size company and advised the staff to
use GPG in combination with their mail software to encrypt mails and
important files. Now a very high-level employee lost his laptop. Backups
are usually done only from the NetApp storage every employee has. Now
this guy escalated the situation, because his public keys are on
keyservers out there and he wants them to be revoked.

For me, since I am not centrally administering the keys, this is a
difficult situation, and the question arose whether there is nothing I can
do, or whether there should be anything I could do in such a situation.

>> What would you do in such a situation? I mean, the file are secured
>> by a keyphrase, but it's the easiest bit of work in hacking
>> encrypted messages to get the passphrase. This is, in my opinion, a
>> tremendously dangerous security issue, because you cannot revoke the
>> public key, you cannot do anything, just waiting until your data
>> gets hacked.

>
> If someone steals my PC, and actually cracks my passphrase, I'll have
> to admit they've *earned* the data on my PC.
>


Easily said, but my job depends on whether the data is safe or not. As
far as I know high-level employees, they use very easy passwords and they
don't like me whenever I encourage them to change the passwords.

>> For other security measures, in such situations master keys exist to
>> revoke corrupted keys, like for the Infineon TPM software suit. Are
>> there any chances to do something like that in PGP or GPG?

>
> I hope not. I don't want anyone to have a master key to my key.
>


The master key thing is in my opinion very helpful. For example, if an
employee sets a BIOS password and he leaves the company without
resetting the password, then you are able to generate a master key out of
the hardware ID of the TPM and other IDs and send them to the
Technical Support of the vendor. The vendor generates the master key and
you are able to reset the password.

Wouldn't something like this be a good idea, so you can generate a
revocation without the private key. E.g. you are able to create a
revocation certificate out of the original passphrase + public key?

> Did I miss something basic here? Is the remedy to this situation as
> simple as immediately creating a revocation certificate (when one
> creates a key), backing it up to floppy or CD or USB device or
> whatever, then storing the backup in an offsite place (like a Safety
> Deposit box)?
>
> TomT

#6  04-10-2008, 03:28 AM
Re: public key revocation

Arthur T. schrieb:
> In Message-ID:<65e72$47fcfbda$3e63cf1f$6955@news.inode.at>,
> Klaus Maier wrote:
>
>> I have a kind of stupid question. It is not possible to revoke a public
>> key if you do not have the private key anymore to generate the
>> revocation token. Sounds good, but could be very nasty if e.g. your
>> laptop is stolen and the private key, as well as the revocation token
>> are on that computer and you don't have any backup of the files.

>
> That should not be a problem. Just restore your files from a
> backup onto your new computer and publish the revocation. If your
> house burns down taking your computer and backups with it, use
> your offsite backups.
>
> There is *no* good reason for anyone with a computer not to
> have backups and offsite backups.
>


Backups are made only from the NetApp, and the specific user didn't
store them on the NetApp.

>> the file are secured by a
>> keyphrase, but it's the easiest bit of work in hacking encrypted
>> messages to get the passphrase.

>
> Only if you've chosen a weak passphrase. With a good
> passphrase, your keyrings are safe from being used by anyone but
> yourself. If it's a modern laptop with hardware encryption, the
> thief will have a hard time (or an expensive process) getting to
> any of your files.
>


Probably our director used the same simple password for everything: the
OS, the mail account, PGP, ...
And now I, as administrator, am responsible for the revocation of the cert and
for keeping the data on the stolen laptop safe.
#7  04-10-2008, 03:30 AM
Re: public key revocation

Tom McCune schrieb:
> Personally, I would highly advise having secure backups of your keypair
> other than just on your PC.
>
> An option that is more helpful in corporate settings, is to have a
> designated revoker for your key. That individual can then revoke your key
> for you under such circumstances as you mention.
>


I will set up a process for the safe revocation and backup of keys, but
for the given situation it's too late. Maybe this could be seen as
crying after a feature that never existed, but it would be very helpful in
my scenario.
#8  04-10-2008, 07:57 AM
Re: public key revocation


Klaus Maier wrote in
news:5cfc6$47fdc217$3e63cf1f$29830@news.inode.at:

> I will setup a process for the safe revocation and backup of keys, but
> for the given situation it's too late. Maybe this could be seen as
> crying after a feature that never existed, but would be very helpful in
> my scenario.


PGP product feature requests can be made here:
http://www.pgp.com/products/feature_request_form.html

--
Tom McCune
My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

#9  04-10-2008, 08:31 AM
Re: public key revocation

Tom McCune schrieb:
> Klaus Maier wrote in
> news:5cfc6$47fdc217$3e63cf1f$29830@news.inode.at:
>
>> I will setup a process for the safe revocation and backup of keys, but
>> for the given situation it's too late. Maybe this could be seen as
>> crying after a feature that never existed, but would be very helpful in
>> my scenario.

>
> PGP product feature requests can be made here:
> http://www.pgp.com/products/feature_request_form.html
>


Thank you for the suggestion. I made a feature request for the
revocation thing right now.
#10  04-10-2008, 03:29 PM
Re: public key revocation

Klaus Maier wrote:

> The situation is as follows:


> I am a administrator at a medium size company and advised the staff to
> use GPG in combination with their mail software to encrypt mails and
> important files. Now a very high level employee lost his laptop. Backups
> are usually done only from the netApp storage every employee has. Now
> this guy escalated the situation, because his public keys are on
> keyservers out there and he want them to be revoked.




> For me, since I am not centrally administering the key this is a
> difficult situation and the question arised if there is nothing I can
> do, or if there should be anything I could do in such a situation.



I sympathize with your situation. I think Tom McCune's suggestion of
a designated revoker is the best for you and your company in the
future. As for the lost laptop - without a backup - I see no way out
of the situation.

TomT
#11  04-10-2008, 05:29 PM
Re: public key revocation

In Message-ID:,
Klaus Maier wrote:

>I am a administrator at a medium size company and advised the staff to
>use GPG in combination with their mail software to encrypt mails and
>important files. Now a very high level employee lost his laptop. Backups
> are usually done only from the netApp storage every employee has. Now
>this guy escalated the situation, because his public keys are on
>keyservers out there and he want them to be revoked.



Part of me wants to scream, "You're a PROFESSIONAL, and you
let this happen?" Part of me is very sympathetic to your position
and the realities of business and bureaucracies.

All of me suggests that this would be an excellent time to
update your resume.

There's probably nothing you can do about what's already
happened. Probably the most useful thing you can do is go to your
boss with a detailed explanation of what changes you're going to
make so this situation never again arises. You might start with
mandatory whole-disk (or whole-partition) encryption on all
laptops. Then, explain how you're going to make sure that not
only the keyrings, but ALL important files will get backed up,
regardless of the competence of the user.

--
Arthur T. - ar23hur "at" intergate "dot" com
Looking for a z/OS (IBM mainframe) systems programmer position
#12  04-10-2008, 07:19 PM
Re: public key revocation

On 4/9/2008 10:24 AM, Klaus Maier wrote:
> Dear all,
>
> I have a kind of stupid question. It is not possible to revoke a public
> key if you do not have the private key anymore to generate the
> revocation token. Sounds good, but could be very nasty if e.g. your
> laptop is stolen and the private key, as well as the revocation token
> are on that computer and you don't have any backup of the files.
>
> What would you do in such a situation? I mean, the file are secured by a
> keyphrase, but it's the easiest bit of work in hacking encrypted
> messages to get the passphrase. This is, in my opinion, a tremendously
> dangerous security issue, because you cannot revoke the public key, you
> cannot do anything, just waiting until your data gets hacked.
>
> For other security measures, in such situations master keys exist to
> revoke corrupted keys, like for the Infineon TPM software suit. Are
> there any chances to do something like that in PGP or GPG?
>
> Kind regards,
> K. Maier


See my . While the
title is "Remove a Key From a Key Server?", it also addresses your
specific problem.

Using what happened as a lesson learned, you must now take preventive
action. Using the steps in
, each
employee should create a revocation certificate. As Howes indicates,
these should be copied to some form of removable or remote medium
(floppy disc [remember these?], memory stick, network file server, etc);
in your case, the medium must be accessible to you.

I would add a step to Howes's instructions. After importing the
non-revoked key-pair back into the user's keyring, I would use a secure
disc-erase application (I use the freeware Eraser by Sami Tolvanen) to
erase the exported backup. This will prevent the private key from
falling into hostile hands.

YOU should collect the revocation certificates, keeping each one
separate (not combined into a keyring). Your archive should identify
each revocation certificate with its user ID (often an E-mail address)
and key ID (a hex string).

The next time a laptop is lost, a private key is accidentally deleted
without any backup, or a passphrase cannot be remembered, YOU can now
revoke the affected key.

--
David Ross


Have you been using Netscape and now feel abandoned by AOL?
Then use SeaMonkey. Go to .
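The archive David describes needs each certificate filed under the key it revokes. As an added example (not code from this thread or from GnuPG), the Python below pulls the issuer key ID, creation time and reason out of an ASCII-armored revocation certificate following the RFC 4880 packet format; it only catalogues the certificate and does not verify the signature, and the user ID is not in the certificate, so it must be looked up in the keyring. The sample certificate is constructed here with a dummy signature MPI.

```python
import base64
import struct
from datetime import datetime, timezone

# RFC 4880 signature types that revoke something, and reason-for-revocation codes.
SIG_TYPES = {0x20: "key revocation", 0x28: "subkey revocation", 0x30: "certification revocation"}
REASONS = {0: "no reason given", 1: "key superseded", 2: "key compromised",
           3: "key retired", 32: "user ID no longer valid"}

def dearmor(text):
    """Base64-decode the first armored block, skipping armor headers and the CRC line."""
    lines = text.strip().splitlines()
    body = lines[lines.index("") + 1:]              # armor headers end at the blank line
    return base64.b64decode("".join(l for l in body if not l.startswith(("=", "-----"))))

def packet_header(data):
    """Parse an old- or new-format packet header into (tag, body_offset, body_len)."""
    ctb = data[0]
    if ctb & 0x40:                                  # new-format header, 1- or 2-octet length
        if data[1] >= 224:
            raise ValueError("long or partial body lengths not supported")
        n = data[1] if data[1] < 192 else ((data[1] - 192) << 8) + data[2] + 192
        return ctb & 0x3F, 2 + (data[1] >= 192), n
    size = 1 << (ctb & 0x03)                        # old-format: 1, 2 or 4 length octets
    return (ctb >> 2) & 0x0F, 1 + size, int.from_bytes(data[1:1 + size], "big")

def subpackets(data):
    """Yield (type, payload) for a run of signature subpackets (1- or 2-octet lengths)."""
    i = 0
    while i < len(data):
        if data[i] >= 255:
            raise ValueError("5-octet subpacket lengths not supported")
        length = data[i] if data[i] < 192 else ((data[i] - 192) << 8) + data[i + 1] + 192
        i += 1 if data[i] < 192 else 2
        yield data[i] & 0x7F, data[i + 1:i + length]  # strip the critical bit from the type
        i += length

def index_revocation(armored):
    """Return the fields an administrator would file a revocation certificate under."""
    data = dearmor(armored)
    tag, start, length = packet_header(data)
    body = data[start:start + length]
    if tag != 2 or body[0] != 4 or body[1] not in SIG_TYPES:
        raise ValueError("expected a version 4 revocation signature packet")
    hlen = struct.unpack(">H", body[4:6])[0]        # hashed subpacket area, then unhashed
    ulen = struct.unpack(">H", body[6 + hlen:8 + hlen])[0]
    rec = {"type": SIG_TYPES[body[1]], "key_id": None, "created": None, "reason": None}
    for sp, payload in list(subpackets(body[6:6 + hlen])) + list(subpackets(body[8 + hlen:8 + hlen + ulen])):
        if sp == 16:                                # Issuer: 8-octet key ID
            rec["key_id"] = payload.hex().upper()
        elif sp == 2:                               # Signature creation time
            rec["created"] = datetime.fromtimestamp(struct.unpack(">I", payload)[0], timezone.utc).isoformat()
        elif sp == 29:                              # Reason for revocation: code octet + UTF-8 text
            rec["reason"] = (REASONS.get(payload[0], "code %d" % payload[0]), payload[1:].decode("utf-8"))
    return rec

def build_sample(key_id, reason_code, text, created, sig_type=0x20):
    """Constructed v4 signature packet with an old-format header and a dummy 16-bit MPI."""
    reason = bytes([reason_code]) + text.encode("utf-8")
    hashed = bytes([5, 2]) + struct.pack(">I", created) + bytes([1 + len(reason), 29]) + reason
    unhashed = bytes([9, 16]) + bytes.fromhex(key_id)
    body = (bytes([4, sig_type, 1, 8]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\x12\x34\x00\x10\xab\xcd")
    armored = base64.b64encode(bytes([0x88, len(body)]) + body).decode()
    return "-----BEGIN PGP PUBLIC KEY BLOCK-----\nComment: constructed sample\n\n%s\n=AAAA\n-----END PGP PUBLIC KEY BLOCK-----\n" % armored
```

Feed `index_revocation` the certificate each employee hands in and store the returned record next to the user ID from your keyring; a certificate whose type is not a revocation is rejected rather than filed.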
#13  04-11-2008, 11:15 AM
Re: public key revocation

David E. Ross schrieb:
>
> See my . While the
> title is "Remove a Key From a Key Server?", it also addresses your
> specific problem.
>
>


Hi David!

I am not sure whether I followed your instructions right. I created a
new keypair for my user, signed it and added the "Key revoked -- do not
use" thing. Then I have downloaded the public key from the keyserver and
signed the public key with my new key.

Finally I uploaded the old public key again to the keyserver. I guess
this targets on changing the key ID and the user ID on the key server.
But they still seem to be the old ones.

Maybe I did something wrong. The certificate still looks like before,
but there are the two new signatures in it. That's not really like
deleting from the key server, but it's a good start for the next week... :-)
#14  04-11-2008, 08:15 PM
Re: public key revocation

On 4/11/2008 8:15 AM, Klaus Maier wrote:
> David E. Ross schrieb:
>> See my . While the
>> title is "Remove a Key From a Key Server?", it also addresses your
>> specific problem.
>>
>>

>
> Hi David!
>
> I am not sure whether I followed your instructions right. I created a
> new keypair for my user, signed it and added the "Key revoked -- do not
> use" thing. Then I have downloaded the public key from the keyserver and
> signed the public key with my new key.
>
> Finally I uploaded the old public key again to the keyserver. I guess
> this targets on changing the key ID and the user ID on the key server.
> But they still seem to be the old ones.
>
> Maybe I did something wrong. The certificate still looks like before,
> but there are the two new signatures in it. That's not really like
> deleting from the key server, but it's a good start for the next week... :-)


You can't delete the old key from most servers.

When you view the old key on a keyserver, one of the new signatures
should now have the user ID "Key revoked -- do not use". That's the
best you can do without the old private key and its passphrase. Don't
forget to remove that signature from the NEW key before uploading it to
a server.

--
David Ross


Have you been using Netscape and now feel abandoned by AOL?
Then use SeaMonkey. Go to .
#15  04-12-2008, 02:30 PM
Re: public key revocation

In Arthur T. writes:

> Part of me wants to scream, "You're a PROFESSIONAL, and you
>let this happen?" Part of me is very sympathetic to your position
>and the realities of business and bureaucracies.



> There's probably nothing you can do about what's already
>happened.


There is one thing you might do. Presumably the lost key has been signed
by various people in the usual web-of-trust style.

So get all those people to revoke their signatures on the key, and upload
the key again to the key servers. Then it will immediately be apparent
that nobody vouches for its authenticity.

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl
Email: chl@clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
#16  05-14-2008, 12:41 AM
Re: public key revocation

For company keys you may want to make your users have a common designated
revocation agent, i.e. whatever key you use to certify that they are
employees. Then they send you the revocation certificate.

You might want to look into X.509. It is the other PKI system and it is more
suited to businesses. It features a central Certificate Authority,
revocation would be simple in this case.

Keep in mind that revocation only says to not trust a key for authentication
from a designated time and after. Anything encrypted to it can still be
decrypted. I don't think that is what your user was concerned about but I
think it is still worth mentioning.

From man gpg:

    --desig-revoke name
        Generate a designated revocation certificate for a key. This
        allows a user (with the permission of the keyholder) to revoke
        someone else's key.

Also of interest: http://www.pki-page.org/