10

I have created a 4096-bit key-pair using GnuPG.

Can I expose the passphrase-protected private key to an untrusted system? E.g. can I put that key in my Dropbox account or send it to myself as an email attachment?

Assuming, of course, that the passphrase is sufficient (20+ characters).

Jens Erat
  • 23,446
  • 12
  • 72
  • 96
John
  • 103
  • 6

3 Answers3

10

Compare putting the encrypted private key onto some untrusted storage with putting the unencrypted one into an encrypted container like TrueCrypt or LUKS. Technically, the result is pretty much the same, apart from OpenPGP meta data being visible for the encrypted private key.

Your key is as secure as the symmetric encryption algorithm applied for encrypting it using your passphrase. Generally, the algorithms applied are considered secure; given a reasonably long passphrase preventing brute-force attacks is used putting a private key on an untrusted storage must not be an absolute no-go.

But be aware that you're losing a second security net: given the passphrase is cracked/leaked (at any time in future!) or issues with the symmetric encryption algorithm in use are found, you lost the additional security layer of not making the encrypted private key available.

Also consider using OpenPGP smartcards for "sharing" a key between computers and especially subkeys while keeping your private primary key offline (maybe even on a thumb drive usually not connected to your computer). No matter whether you upload the key or not, for sure you've already created a revocation certificate?

Community
  • 1
Jens Erat
  • 23,446
  • 12
  • 72
  • 96
3

If the protected system is not that critical, yeah sure. Go ahead. But do take note that whatever that key is guarding, it's effectively being replaced by your passphrase. Think of a vault being replaced by a cash box.

You should take responsibility in the event that the passphrase somehow leaks (as a result of being drunk, torture, etc.)

Aloha
  • 910
  • 7
  • 14
1

It depends, but probably not. Even if the passphrase is sufficient, you can use weak or insecure algorithm to encrypt the private key.

Then, we also need to assume that the key have some validity period. The validity period must not be longer, than it would take to crack the algoritm. We also need to assume that Dropbox can make a copy of it, so the algorithm have to be secure as long as the key is valid.

Vilican
  • 2,703
  • 8
  • 21
  • 35
  • 3
    Please be aware that [expiration dates for primary keys don't add any security benefit if the private key leaks](http://security.stackexchange.com/questions/14718/does-gpg-key-expiration-add-to-security/79386#79386). – Jens Erat Jul 06 '15 at 12:12
  • Yes, of course. But the private key *encrypted* is uploaded into Dropbox. So if the key expire and then they manage to decrypt it, it is useless. – Vilican Jul 06 '15 at 15:13
  • 2
    No, it doesn't -- this is a common misunderstanding and exactly what I explained in the linked post. The expiration date can be changed and set to an arbitrary (also future!) one at any time, even after the key actually expired. – Jens Erat Jul 06 '15 at 15:22