public key revocation - PGP


Thread: public key revocation

  1. public key revocation

    Dear all,

    I have a kind of stupid question. It is not possible to revoke a public
    key if you do not have the private key anymore to generate the
    revocation token. Sounds good, but could be very nasty if e.g. your
    laptop is stolen and the private key, as well as the revocation token,
    are on that computer and you don't have any backup of the files.

    What would you do in such a situation? I mean, the files are secured by a
    passphrase, but it's the easiest bit of work in hacking encrypted
    messages to get the passphrase. This is, in my opinion, a tremendously
    dangerous security issue, because you cannot revoke the public key, you
    cannot do anything, just wait until your data gets hacked.

    For other security measures, in such situations master keys exist to
    revoke corrupted keys, like for the Infineon TPM software suite. Are
    there any chances to do something like that in PGP or GPG?

    Kind regards,
    K. Maier

  2. Re: public key revocation

    Klaus Maier wrote:

    > I have a kind of stupid question. It is not possible to revoke a
    > public key if you do not have the private key anymore to generate
    > the revocation token. Sounds good, but could be very nasty if
    > e.g. your laptop is stolen and the private key, as well as the
    > revocation token are on that computer and you don't have any backup
    > of the files.


    Klaus, I admit to very little sympathy at this point.

    > What would you do in such a situation? I mean, the files are secured
    > by a passphrase, but it's the easiest bit of work in hacking
    > encrypted messages to get the passphrase. This is, in my opinion, a
    > tremendously dangerous security issue, because you cannot revoke the
    > public key, you cannot do anything, just wait until your data
    > gets hacked.


    If someone steals my PC, and actually cracks my passphrase, I'll have
    to admit they've *earned* the data on my PC.

    > For other security measures, in such situations master keys exist to
    > revoke corrupted keys, like for the Infineon TPM software suite. Are
    > there any chances to do something like that in PGP or GPG?


    I hope not. I don't want anyone to have a master key to my key.

    Did I miss something basic here? Is the remedy to this situation as
    simple as immediately creating a revocation certificate (when one
    creates a key), backing it up to floppy or CD or USB device or
    whatever, then storing the backup in an offsite place (like a Safety
    Deposit box)?

    TomT

  3. Re: public key revocation

    In Message-ID:<65e72$47fcfbda$3e63cf1f$6955@news.inode.at>,
    Klaus Maier wrote:

    >I have a kind of stupid question. It is not possible to revoke a public
    >key if you do not have the private key anymore to generate the
    >revocation token. Sounds good, but could be very nasty if e.g. your
    >laptop is stolen and the private key, as well as the revocation token
    >are on that computer and you don't have any backup of the files.


    That should not be a problem. Just restore your files from a
    backup onto your new computer and publish the revocation. If your
    house burns down taking your computer and backups with it, use
    your offsite backups.

    There is *no* good reason for anyone with a computer not to
    have backups and offsite backups.

    >the files are secured by a
    >passphrase, but it's the easiest bit of work in hacking encrypted
    >messages to get the passphrase.


    Only if you've chosen a weak passphrase. With a good
    passphrase, your keyrings are safe from being used by anyone but
    yourself. If it's a modern laptop with hardware encryption, the
    thief will have a hard time (or an expensive process) getting to
    any of your files.

    --
    Arthur T. - ar23hur "at" intergate "dot" com
    Looking for a z/OS (IBM mainframe) systems programmer position

  4. Re: public key revocation

    Personally, I would highly advise having secure backups of your keypair
    other than just on your PC.

    An option that is more helpful in corporate settings, is to have a
    designated revoker for your key. That individual can then revoke your key
    for you under such circumstances as you mention.

    --
    Tom McCune
    My PGP Page & FAQ: http://www.McCune.cc/PGP.htm


  5. Re: public key revocation

    TomT wrote:
    > Klaus Maier wrote:
    >
    >> I have a kind of stupid question. It is not possible to revoke a
    >> public key if you do not have the private key anymore to generate
    >> the revocation token. Sounds good, but could be very nasty if
    >> e.g. your laptop is stolen and the private key, as well as the
    >> revocation token are on that computer and you don't have any backup
    >> of the files.

    >
    > Klaus, I admit to very little sympathy at this point.
    >


    The situation is as follows:
    I am an administrator at a medium-sized company and advised the staff to
    use GPG in combination with their mail software to encrypt mails and
    important files. Now a very high level employee lost his laptop. Backups
    are usually done only from the NetApp storage every employee has. Now
    this guy escalated the situation, because his public keys are on
    keyservers out there and he wants them to be revoked.

    For me, since I am not centrally administering the key, this is a
    difficult situation and the question arose if there is nothing I can
    do, or if there should be anything I could do in such a situation.

    >> What would you do in such a situation? I mean, the files are secured
    >> by a passphrase, but it's the easiest bit of work in hacking
    >> encrypted messages to get the passphrase. This is, in my opinion, a
    >> tremendously dangerous security issue, because you cannot revoke the
    >> public key, you cannot do anything, just wait until your data
    >> gets hacked.

    >
    > If someone steals my PC, and actually cracks my passphrase, I'll have
    > to admit they've *earned* the data on my PC.
    >


    Easily said, but my job depends on whether the data is safe or not. As
    far as I know high level employees, they use very easy passwords and they
    don't like me whenever I encourage them to change the passwords.

    >> For other security measures, in such situations master keys exist to
    >> revoke corrupted keys, like for the Infineon TPM software suite. Are
    >> there any chances to do something like that in PGP or GPG?

    >
    > I hope not. I don't want anyone to have a master key to my key.
    >


    The master key thing is in my opinion very helpful. For example, if an
    employee sets a BIOS password and he leaves the company without
    resetting the password, then you are able to generate a master key out of
    the hardware ID of the TPM and other IDs and send them to the
    Technical Support of the vendor. The vendor generates the master key and
    you are able to reset the password.

    Wouldn't something like this be a good idea, so you can generate a
    revocation without the private key? E.g. you are able to create a
    revocation certificate out of the original passphrase + public key?

    > Did I miss something basic here? Is the remedy to this situation as
    > simple as immediately creating a revocation certificate (when one
    > creates a key), backing it up to floppy or CD or USB device or
    > whatever, then storing the backup in an offsite place (like a Safety
    > Deposit box)?
    >
    > TomT


  6. Re: public key revocation

    Arthur T. wrote:
    > In Message-ID:<65e72$47fcfbda$3e63cf1f$6955@news.inode.at>,
    > Klaus Maier wrote:
    >
    >> I have a kind of stupid question. It is not possible to revoke a public
    >> key if you do not have the private key anymore to generate the
    >> revocation token. Sounds good, but could be very nasty if e.g. your
    >> laptop is stolen and the private key, as well as the revocation token
    >> are on that computer and you don't have any backup of the files.

    >
    > That should not be a problem. Just restore your files from a
    > backup onto your new computer and publish the revocation. If your
    > house burns down taking your computer and backups with it, use
    > your offsite backups.
    >
    > There is *no* good reason for anyone with a computer not to
    > have backups and offsite backups.
    >


    Backups are made only from the NetApp and the specific user didn't
    store them on the NetApp.

    >> the files are secured by a
    >> passphrase, but it's the easiest bit of work in hacking encrypted
    >> messages to get the passphrase.

    >
    > Only if you've chosen a weak passphrase. With a good
    > passphrase, your keyrings are safe from being used by anyone but
    > yourself. If it's a modern laptop with hardware encryption, the
    > thief will have a hard time (or an expensive process) getting to
    > any of your files.
    >


    Probably our director used the same simple password for everything: the
    OS, the mail account, PGP, ...
    And now I, as administrator, am responsible for revocation of the cert and
    for keeping the data on the stolen laptop safe.

  7. Re: public key revocation

    Tom McCune wrote:
    > Personally, I would highly advise having secure backups of your keypair
    > other than just on your PC.
    >
    > An option that is more helpful in corporate settings, is to have a
    > designated revoker for your key. That individual can then revoke your key
    > for you under such circumstances as you mention.
    >


    I will set up a process for the safe revocation and backup of keys, but
    for the given situation it's too late. Maybe this could be seen as
    crying after a feature that never existed, but it would be very helpful in
    my scenario.

  8. Re: public key revocation

    Klaus Maier wrote in
    news:5cfc6$47fdc217$3e63cf1f$29830@news.inode.at:

    > I will setup a process for the safe revocation and backup of keys, but
    > for the given situation it's too late. Maybe this could be seen as
    > crying after a feature that never existed, but would be very helpful in
    > my scenario.


    PGP product feature requests can be made here:
    http://www.pgp.com/products/feature_request_form.html

    --
    Tom McCune
    My PGP Page & FAQ: http://www.McCune.cc/PGP.htm


  9. Re: public key revocation

    Tom McCune wrote:
    > Klaus Maier wrote in
    > news:5cfc6$47fdc217$3e63cf1f$29830@news.inode.at:
    >
    >> I will setup a process for the safe revocation and backup of keys, but
    >> for the given situation it's too late. Maybe this could be seen as
    >> crying after a feature that never existed, but would be very helpful in
    >> my scenario.

    >
    > PGP product feature requests can be made here:
    > http://www.pgp.com/products/feature_request_form.html
    >


    Thank you for the suggestion. I made a feature request for the
    revocation thing right now.

  10. Re: public key revocation

    Klaus Maier wrote:

    > The situation is as follows:


    > I am an administrator at a medium-sized company and advised the staff to
    > use GPG in combination with their mail software to encrypt mails and
    > important files. Now a very high level employee lost his laptop. Backups
    > are usually done only from the NetApp storage every employee has. Now
    > this guy escalated the situation, because his public keys are on
    > keyservers out there and he wants them to be revoked.


    > For me, since I am not centrally administering the key, this is a
    > difficult situation and the question arose if there is nothing I can
    > do, or if there should be anything I could do in such a situation.

    I sympathize with your situation. I think Tom McCune's suggestion of
    a designated revoker is the best for you and your company in the
    future. As for the lost laptop - without a backup - I see no way out
    of the situation.

    TomT

  11. Re: public key revocation

    In Message-ID:,
    Klaus Maier wrote:

    >I am an administrator at a medium-sized company and advised the staff to
    >use GPG in combination with their mail software to encrypt mails and
    >important files. Now a very high level employee lost his laptop. Backups
    >are usually done only from the NetApp storage every employee has. Now
    >this guy escalated the situation, because his public keys are on
    >keyservers out there and he wants them to be revoked.



    Part of me wants to scream, "You're a PROFESSIONAL, and you
    let this happen?" Part of me is very sympathetic to your position
    and the realities of business and bureaucracies.

    All of me suggests that this would be an excellent time to
    update your resume.

    There's probably nothing you can do about what's already
    happened. Probably the most useful thing you can do is go to your
    boss with a detailed explanation of what changes you're going to
    make so this situation never again arises. You might start with
    mandatory whole-disk (or whole-partition) encryption on all
    laptops. Then, explain how you're going to make sure that not
    only the keyrings, but ALL important files will get backed up,
    regardless of the competence of the user.

    --
    Arthur T. - ar23hur "at" intergate "dot" com
    Looking for a z/OS (IBM mainframe) systems programmer position

  12. Re: public key revocation

    On 4/9/2008 10:24 AM, Klaus Maier wrote:
    > Dear all,
    >
    > I have a kind of stupid question. It is not possible to revoke a public
    > key if you do not have the private key anymore to generate the
    > revocation token. Sounds good, but could be very nasty if e.g. your
    > laptop is stolen and the private key, as well as the revocation token,
    > are on that computer and you don't have any backup of the files.
    >
    > What would you do in such a situation? I mean, the files are secured by a
    > passphrase, but it's the easiest bit of work in hacking encrypted
    > messages to get the passphrase. This is, in my opinion, a tremendously
    > dangerous security issue, because you cannot revoke the public key, you
    > cannot do anything, just wait until your data gets hacked.
    >
    > For other security measures, in such situations master keys exist to
    > revoke corrupted keys, like for the Infineon TPM software suite. Are
    > there any chances to do something like that in PGP or GPG?
    >
    > Kind regards,
    > K. Maier


    See my . While the
    title is "Remove a Key From a Key Server?", it also addresses your
    specific problem.

    Using what happened as a lesson learned, you must now take preventive
    action. Using the steps in
    , each
    employee should create a revocation certificate. As Howes indicates,
    these should be copied to some form of removable or remote medium
    (floppy disc [remember these?], memory stick, network file server, etc);
    in your case, the medium must be accessible to you.

    I would add a step to Howes's instructions. After importing the
    non-revoked key-pair back into the user's keyring, I would use a secure
    disc-erase application (I use the freeware Eraser by Sami Tolvanen) to
    erase the exported backup. This will prevent the private key from
    falling into hostile hands.

    YOU should collect the revocation certificates, keeping each one
    separate (not combined into a keyring). Your archive should identify
    each revocation certificate with its user ID (often an E-mail address)
    and key ID (a hex string).

    The next time a laptop is lost, a private key is accidentally deleted
    without any backup, or a passphrase cannot be remembered, YOU can now
    revoke the affected key.

    --
    David Ross


    Have you been using Netscape and now feel abandoned by AOL?
    Then use SeaMonkey. Go to .

  13. Re: public key revocation

    David E. Ross wrote:
    >
    > See my . While the
    > title is "Remove a Key From a Key Server?", it also addresses your
    > specific problem.
    >
    >


    Hi David!

    I am not sure whether I followed your instructions right. I created a
    new keypair for my user, signed it and added the "Key revoked -- do not
    use" thing. Then I downloaded the public key from the keyserver and
    signed the public key with my new key.

    Finally I uploaded the old public key again to the keyserver. I guess
    this aims at changing the key ID and the user ID on the key server.
    But they still seem to be the old ones.

    Maybe I did something wrong. The certificate still looks like before,
    but there are the two new signatures in it. That's not really like
    deleting from the key server, but it's a good start for the next week... :-)

  14. Re: public key revocation

    On 4/11/2008 8:15 AM, Klaus Maier wrote:
    > David E. Ross wrote:
    >> See my . While the
    >> title is "Remove a Key From a Key Server?", it also addresses your
    >> specific problem.
    >>
    >>

    >
    > Hi David!
    >
    > I am not sure whether I followed your instructions right. I created a
    > new keypair for my user, signed it and added the "Key revoked -- do not
    > use" thing. Then I downloaded the public key from the keyserver and
    > signed the public key with my new key.
    >
    > Finally I uploaded the old public key again to the keyserver. I guess
    > this aims at changing the key ID and the user ID on the key server.
    > But they still seem to be the old ones.
    >
    > Maybe I did something wrong. The certificate still looks like before,
    > but there are the two new signatures in it. That's not really like
    > deleting from the key server, but it's a good start for the next week... :-)


    You can't delete the old key from most servers.

    When you view the old key on a keyserver, one of the new signatures
    should now have the user ID "Key revoked -- do not use". That's the
    best you can do without the old private key and its passphrase. Don't
    forget to remove that signature from the NEW key before uploading it to
    a server.

    --
    David Ross


    Have you been using Netscape and now feel abandoned by AOL?
    Then use SeaMonkey. Go to .

  15. Re: public key revocation

    In Arthur T. writes:

    > Part of me wants to scream, "You're a PROFESSIONAL, and you
    >let this happen?" Part of me is very sympathetic to your position
    >and the realities of business and bureaucracies.



    > There's probably nothing you can do about what's already
    >happened.


    There is one thing you might do. Presumably the lost key has been signed
    by various people in the usual web-of-trust style.

    So get all those people to revoke their signatures on the key, and upload
    the key again to the key servers. Then it will immediately be apparent
    that nobody vouches for its authenticity.

    --
    Charles H. Lindsey ---------At Home, doing my own thing------------------------
    Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl
    Email: chl@clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
    PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5

  16. Re: public key revocation

    For company keys you may want to make your users have a common designated
    revocation agent, i.e. whatever key you use to certify that they are
    employees. Then have them send you the revocation certificate.

    You might want to look into X.509. It is the other PKI system and it is more
    suited to businesses. It features a central Certificate Authority, so
    revocation would be simple in this case.

    Keep in mind that revocation only says to not trust a key for authentication
    from a designated time and after. Anything encrypted to it can still be
    decrypted. I don't think that is what your user was concerned about but I
    think it is still worth mentioning.

    man gpg
    --desig-revoke name
    Generate a designated revocation certificate for a key. This
    allows a user (with the permission of the keyholder) to revoke
    someone else’s key.

    Also of interest: http://www.pki-page.org/
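An added example (not code from the thread or from GnuPG) for the archive step David Ross describes in post 12 and the designated-revoker point in post 16: a small Python parser that strips the ASCII armor from an OpenPGP revocation certificate and pulls out the issuer key ID, creation time and revocation reason, so each stored certificate can be filed under the right key ID rather than trusting its file name. The packet layout follows RFC 4880; it reads both old-format headers (what GnuPG writes) and new-format ones, which goes beyond what the thread shows. The certificate it parses is constructed inline (real layout, dummy RSA signature, constructed key ID and reason text), so it runs offline.

```python
import base64

REASONS = {0: "no reason", 1: "key superseded", 2: "key compromised", 3: "key retired", 32: "user ID no longer valid"}

def dearmor(text):  # strip ASCII armor; the "=xxxx" CRC24 line is skipped (gpg checks it on import anyway)
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not (lines[0].startswith("-----BEGIN PGP") and lines[-1].startswith("-----END PGP")):
        raise ValueError("not an ASCII-armored block")
    body = lines[lines.index("") + 1:-1]  # Version:/Comment: armor headers end at the first blank line
    return base64.b64decode("".join(ln for ln in body if not ln.startswith("=")))

def read_packet(blob):  # (tag, body) of the first OpenPGP packet, RFC 4880 section 4.2
    ctb = blob[0]
    if ctb & 0x40:  # new-format header (RFC 4880 4.2.2), used by newer implementations
        tag, n = ctb & 0x3F, blob[1]
        if n >= 224:
            raise ValueError("5-octet and partial body lengths not supported")
        start, length = (2, n) if n < 192 else (3, ((n - 192) << 8) + blob[2] + 192)
    else:  # old-format header (RFC 4880 4.2.1), which is what GnuPG writes for signature packets
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        start = 1 + (1 << ltype)  # 1-, 2- or 4-octet length field
        length = int.from_bytes(blob[1:start], "big")
    return tag, blob[start:start + length]

def read_subpackets(data):  # [(type, value), ...] of a signature subpacket area, RFC 4880 5.2.3.1
    i, out = 0, []
    while i < len(data):
        n = data[i]
        if n >= 255:
            raise ValueError("5-octet subpacket length not supported")
        i, length = (i + 1, n) if n < 192 else (i + 2, ((n - 192) << 8) + data[i + 1] + 192)
        out.append((data[i] & 0x7F, data[i + 1:i + length]))  # mask the "critical" bit off the type
        i += length
    return out

def parse_revocation(armored):  # the fields an admin needs to file a revocation certificate correctly
    tag, body = read_packet(dearmor(armored))
    if tag != 2 or body[0] != 4:
        raise ValueError("expected a version 4 signature packet")
    if body[1] != 0x20:  # 0x28 / 0x30 only revoke a subkey / a certification, not the primary key
        raise ValueError(f"signature type 0x{body[1]:02x} is not a key revocation")
    hlen = int.from_bytes(body[4:6], "big")
    ulen = int.from_bytes(body[6 + hlen:8 + hlen], "big")
    subs = read_subpackets(body[6:6 + hlen]) + read_subpackets(body[8 + hlen:8 + hlen + ulen])
    info = {"issuer_key_id": None, "created": None, "reason": None}
    for typ, val in subs:
        if typ == 16:  # issuer = the signing key; for a designated revoker that is NOT the revoked key,
            info["issuer_key_id"] = val.hex().upper()  # so the archive must record the target key too
        elif typ == 2:
            info["created"] = int.from_bytes(val, "big")  # Unix time; the key is untrusted from here on
        elif typ == 29:
            info["reason"] = (val[0], REASONS.get(val[0], "unknown"), val[1:].decode("utf-8", "replace"))
    return info

def build_sample_cert():  # constructed sample: real packet layout, dummy RSA MPI, so it would not verify
    hashed = b"\x05\x02" + (1207728000).to_bytes(4, "big") + bytes([15, 29, 2]) + b"laptop stolen"  # time, reason 2
    unhashed = b"\x09\x10" + bytes.fromhex("0123456789ABCDEF")  # issuer key ID subpacket (constructed ID)
    body = (b"\x04\x20\x01\x08" + len(hashed).to_bytes(2, "big") + hashed + len(unhashed).to_bytes(2, "big")
            + unhashed + b"\xAB\xCD" + b"\x08\x00\x80" + b"\x00" * 255)  # hash prefix + 2048-bit MPI
    packet = b"\x89" + len(body).to_bytes(2, "big") + body  # old-format header, tag 2, two-octet length
    b64 = base64.b64encode(packet).decode()
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\nComment: constructed sample\n\n"
            + "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64)) + "\n-----END PGP PUBLIC KEY BLOCK-----\n")
```

Signature verification is deliberately left to gpg on import; this only indexes the certificate, and a designated revoker's certificate carries the revoker's key ID, not the revoked key's, which is why the archive entry must name the target key as well.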
