Safe with counter for storing secret key - PGP


  1. Safe with counter for storing secret key

    For storing a secret master key, I'm looking for a safe that counts the
    number of times it has been opened. An alternative would be a safe that
    remembers the last time it was opened. Does such a thing exist?

    If not, one could store the key on two or three smart cards (one or two
    as a backup) which do have counters built in and which act somewhat like
    a safe themselves. However, I don't know if there is any smart card
    that allows me to do PGP (with gnupg) with a 2048 bit RSA secret key.
    Also, I'm worried that smart cards are really not that safe: Maybe
    someone finds a hole that can be easily exploited for reading the secret
    key, e.g. by someone who wants to play a (harmful) prank on me.

    --
    Felix E. Klee


  2. Re: Safe with counter for storing secret key

    "Felix E. Klee" wrote in news:87hd2cl3tm.wl%felix.klee@inka.de:

    > Also, I'm worried that smart cards are really not that safe: Maybe
    > someone finds a hole that can be easily exploited for reading the secret
    > key, e.g. by someone who wants to play a (harmful) prank on me.


    I think the big weakness of smart cards is that at least some of them can be
    physically taken apart; which then gives one full access to the non-encrypted
    private key - private keys are not encrypted when stored on a smart card.
    See: http://tinyurl.com/bj64h

  3. Re: Safe with counter for storing secret key

    At Fri, 23 Jun 2006 10:37:24 GMT,
    Tom McCune wrote:
    > I think the big weakness of smart cards is that at least some of them
    > can be physically taken apart; which then gives one full access to the
    > non-encrypted private key - private keys are not encrypted when stored
    > on a smart card. See: http://tinyurl.com/bj64h


    Thanks for the very interesting pointer!

    --
    Felix E. Klee


  4. Re: Safe with counter for storing secret key

    At Fri, 23 Jun 2006 09:38:13 +0200,
    Felix E. Klee wrote:
    > For storing a secret master key, I'm looking for a safe that counts
    > the number of times it has been opened. An alternative would be a
    > safe that remembers the last time it was opened. Does such a thing
    > exist?


    I found out now that there are locks for safes that do log events (such
    as opening of a door). This technology is frequently called "auditing".
    Examples:

    - Lagard LGAudit:

    http://www.lagard.com/pages/index.as...w_product&id=9

    - Wittkopp/Insys EloStar 7215:

    http://www.cawi.com/contentus/html/e...nic-locks.html

    Also AFAICS one could equip a small safe such as the Hartmann 2004 with
    such a lock, but it would be prohibitively expensive, probably somewhere
    around 600 USD.

    Any hints/remarks are welcome.

    --
    Felix E. Klee


  5. Re: Safe with counter for storing secret key

    "Felix E. Klee" writes:

    >For storing a secret master key, I'm looking for a safe that counts the
    >number of times it has been opened. An alternative would be a safe that
    >remembers the last time it was opened. Does such a thing exist?



    Yes, but they are very expensive. The counter is inside the control
    drawer. It's not integral to the container.




    --
    A host is a host from coast to coast.................wb8foz@nrk.com
    & no one will talk to a host that's close........[v].(301) 56-LINUX
    Unless the host (that isn't close).........................pob 1433
    is busy, hung or dead....................................20915-1433

  6. Re: Safe with counter for storing secret key

    "Felix E. Klee" writes:

    >At Fri, 23 Jun 2006 09:38:13 +0200,
    >Felix E. Klee wrote:
    >> For storing a secret master key, I'm looking for a safe that counts
    >> the number of times it has been opened. An alternative would be a
    >> safe that remembers the last time it was opened. Does such a thing
    >> exist?


    >I found out now that there are locks for safes that do log events (such
    >as opening of a door). This technology is frequently called "auditing".


    The X07 locks had counters. I assume the X08's do as well.
    ISTM the X07 went for $1200 on GSA schedule..



    --
    A host is a host from coast to coast.................wb8foz@nrk.com
    & no one will talk to a host that's close........[v].(301) 56-LINUX
    Unless the host (that isn't close).........................pob 1433
    is busy, hung or dead....................................20915-1433

  7. Re: Safe with counter for storing secret key

    At Mon, 26 Jun 2006 01:59:17 +0000 (UTC),
    David Lesher wrote:
    > The X07 locks had counters. I assume the X08's do as well. ISTM the
    > X07 went for $1200 on GSA schedule..


    The current model seems to be the X09:

    http://www.mas-hamilton.com/a.php?page=x-09_main

    Maybe they are the best of their kind, but one doesn't have to spend
    that much money for an auditing lock. I just got a price quote from a
    German company:

    Furniture safe Bielefeld with electronic lock GST S plus (outside size
    in mm: 196 x 306 x 190; inside size: 124 x 230 x 110):

    448.00 EUR

    Unit for reading the audit trail:

    150.00 EUR

    Still: unaffordable for me.

    Then there's the Chinese company Pregex which
    offers small safes with auditing locks. However, I was not able to find
    a price for any of their products on the Web. Probably they are mostly
    an OEM manufacturer, and their safes are sold under differing brand
    names.

    BTW, an interesting alternative (but probably even more expensive)
    solution for storing the primary secret key is making it as public as
    possible when someone accesses it: For example one could store the key
    in an ordinary safe and have a live video stream of the safe publicly
    broadcasted on the Net.

    --
    Felix E. Klee


  8. Re: Safe with counter for storing secret key

    At Tue, 27 Jun 2006 14:46:18 +0000 (UTC),
    David Lesher wrote:
    > But the fact they do have audit counters makes it less likely anyone
    > else still makes in-drawer types.


    I just read the above sentence again, but I still can't make sense of
    it. Please let me know what you are referring to when you write
    "in-drawer types". Do you refer to safes that have a certain form
    factor? If so, what does this have to do with Mas Hamilton? AFAIK, they
    don't produce safes. Furthermore, I assume that their locks can be
    combined with safes from many different manufacturers.

    Anyhow, I just found another manufacturer that offers low budget safes
    with auditing locks: Dometic. I'm not sure, however, if, in order to
    read out the audit-trail, one really needs to buy the expensive printer
    that they offer. That would be a definite drawback, although for the
    intended target audience (hotels), the price probably doesn't matter
    since only one printer is needed for many safes.

    I just wonder: To me storing a secret key in an auditing safe seems to
    be close to perfect. But maybe I'm missing something, am I?

    --
    Felix E. Klee

