
I understand that usually one should use Tails on a trusted machine to generate PGP keys. However, I find it difficult to trust a machine with an Intel CPU, many wireless interfaces, a hard disk that may have some hidden caches, etc, etc.

So I was considering using a Raspberry Pi 2 B for generating keys. The problem, then, is that Tails cannot be run on a Raspberry Pi. So I was thinking about the following:

  • Create a trusted Raspbian image on a cheap 8GB SD card.
  • Use the Raspbian SD card on a Raspberry Pi 2 B (so no Wi-Fi / Bluetooth / hard disk).
  • Generate my keys on the Pi. Copy them by hand to paper / put them on a couple of PGP smart cards etc.
  • Physically destroy the SD card used on the Pi when done.

Does that sound like a safe procedure? Anything that could be improved? And / or should I destroy the Raspberry Pi also (and maybe at that stage the keyboard too, in case it is able to log anything)?

Zorglub29
  • *"I understand that usually one should use Tails on a trusted machine to generate PGP keys"* - where did you get this understanding from? While it should be a sufficiently secure system, Tails is not the only one. It looks more like this requirement and your threat vectors are only based on anecdotes and not well founded at all, i.e. focusing on some stuff you've heard about but ignoring anything else and especially ignoring the big picture. – Steffen Ullrich Feb 24 '20 at 09:40
  • Why would you destroy the Pi and keyboard? Can't you just format the SD card? Unless you're important, such concerns are ridiculous. – dandavis Feb 24 '20 at 18:32
  • Your setup is overkill. Just download any Ubuntu iso, boot from it, and generate the keys. You don't need to go overboard. – ThoriumBR Feb 24 '20 at 19:41

1 Answer


Indeed, the documentation says:

For the moment, Tails is only available on the x86_64 architecture. The Raspberry Pi and most tablets and phones are based on the ARM architecture. Tails does not work on the ARM architecture so far.

And a possible suggestion:

Look for a tablet with an AMD or Intel processor. Try to verify its compatibility with Debian beforehand, for example make sure that the Wi-Fi interface is supported.

If you are really concerned with the hardware, you can probably find a disposable SBC with a suitable architecture; I understand they exist but are substantially more expensive than the Raspberry Pi. Otherwise, use some old laptop that is going to the trash bin anyway, or a dedicated machine that will never go online and never be used for any other purpose.

Tails is a good option to generate PGP keys in 'airgapped' mode because:

  • it has an option to disable networking on startup (to address one of your concerns)
  • it has ccid drivers and can support smart card readers out of the box (for those who want to immediately transfer subkeys to the smart card)
  • it is normally run as a live disk (or USB key), no hard drive storage involved

However, it is not the only viable option. I believe there is an Ubuntu derivative designed to work offline on sensitive documents (can't remember the name right now).

I agree that a PGP key should preferably be generated in optimal conditions, that is, in 'airgapped' mode. You could also add an extra source of entropy, and there are quite a few more recommendations.

Or you could simply do your own install of Raspbian on an SD card like you said, and then destroy the SD card. But by your logic, you should also destroy the Raspberry Pi.

It seems that your biggest worry is trust in the hardware. Unfortunately there is no easy solution. AFAIK the Raspberry Pi is not fully open-source hardware-wise, yours may have been built in China, and even if it was produced in a Western country, supply chain attacks are a fact of life.

Kate
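An added example, not part of the question or the answer above: a pre-flight check to run on the key-generation machine before invoking gpg, covering the two properties the answer credits Tails with (networking off, no persistent storage involved). The function names are hypothetical, and requiring a RAM-backed GnuPG home is an assumption of this sketch, not something the posts prescribe.

```shell
#!/usr/bin/env bash
# Pre-flight checks for an offline key-generation machine (added example).
# Paths are parameters so the checks can run against a constructed tree; the
# defaults are the standard Linux sysfs/procfs locations. Bluetooth adapters
# are not listed under /sys/class/net and are not covered here.

# Print "<iface> <reason>" for each non-loopback interface that is a Wi-Fi
# radio or is not in operstate "down" (any other state is treated as live).
risky_ifaces() {
    local net_dir="${1:-/sys/class/net}" dev name state
    for dev in "$net_dir"/*; do
        [ -r "$dev/operstate" ] || continue
        name="${dev##*/}"
        [ "$name" = "lo" ] && continue
        if [ -e "$dev/wireless" ] || [ -e "$dev/phy80211" ]; then
            printf '%s wireless\n' "$name"
        fi
        state="$(cat "$dev/operstate")"
        [ "$state" = "down" ] || printf '%s operstate=%s\n' "$name" "$state"
    done
}

# Print the filesystem type backing a path: the longest matching mount point
# in a /proc/mounts-style file wins (fields: device mountpoint fstype ...).
fs_type_of() {
    local path="$1" mounts="${2:-/proc/mounts}"
    awk -v p="$path" '
        { m = $2; pre = (m == "/") ? "/" : m "/" }
        index(p "/", pre) == 1 && length(m) >= best { best = length(m); t = $3 }
        END { print t }' "$mounts"
}

# Return 0 only if no interface is risky and the GnuPG home is RAM-backed.
preflight() {
    local gnupg_home="$1" net_dir="${2:-/sys/class/net}"
    local mounts="${3:-/proc/mounts}" bad fstype rc=0
    bad="$(risky_ifaces "$net_dir")"
    [ -z "$bad" ] || { printf 'FAIL network: %s\n' "$bad" >&2; rc=1; }
    fstype="$(fs_type_of "$gnupg_home" "$mounts")"
    case "$fstype" in
        tmpfs|ramfs) ;;
        *) printf 'FAIL storage: %s is on %s\n' "$gnupg_home" "$fstype" >&2; rc=1 ;;
    esac
    return "$rc"
}

# Usage: export GNUPGHOME=/dev/shm/keygen; mkdir -m 700 "$GNUPGHOME"
#        preflight "$GNUPGHOME" && gpg --full-generate-key
```

A passing check only says the operating system sees no live interface and no disk-backed keyring; it says nothing about the hardware trust question raised at the end of the answer.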