GPGTools: Discussion
Protecting secret keys
Updated: 2021-11-07T23:24:50Z

Posted: 2015-07-08T17:06:35Z
<div><p>Hi Davood,</p>
<p>if someone gains access to your laptop without having a password
set up in OSX screensaver, all kinds of things can happen. Starting
with key loggers being installed and ending with all kinds of
malware running on your system. So probably then, leaked sec keys
(but not their passphrases - with which they are still protected)
are one of the minor issues you'd be facing in that scenario.</p>
<p>The above already includes the countermeasure to this issue:
set up a screensaver with password which kicks in after a few
minutes of unused time if you work in multidesk work environments
or travel a lot.</p>
<p>Could you link the discussion from Bill so I can revisit and
correct potential errors? Just from the context we are speaking
about maybe I should have clarified that there is a) the OSX
password in connection with a screensaver and b) the passphrase
connected to your sec key.</p>
<p>All the best,<br>
steve</p></div>
Author: Steve

Posted: 2015-07-08T17:22:34Z
<div><p>Hi Steve,</p>
<p>Thanks for your quick reply. Here is the link to Bill's
query:<br>
<a href="http://support.gpgtools.org/discussions/problems/1667-access-to-secret-key">
http://support.gpgtools.org/discussions/problems/1667-access-to-sec...</a></p>
<p>You are quite right about the screensaver password. I will
certainly do that. But do you not think that it would be sensible
to have the option in preferences of GPG Keychain that editing and
exporting of keys won't be allowed without a password?</p>
<p>Best regards,</p>
<p>Davood</p></div>
Author: Davood Heshmaty

Posted: 2015-07-08T17:34:03Z
<div><p>We do agree that having an option to generally protect GPG
Keychain with a password would be nice to have. That would then
also cover key editing of course.</p>
<p>We have a ticket for this problem. I connected this discussion
with the existing ticket. That means, should this discussion get
closed, it will be re-opened as soon as the ticket is closed. That
way you'll receive a notification. Feel free to open a new
discussion should you run into further problems or need
assistance.</p>
<p>Also you are right, my reply to Bill is all but complete. I'll
go ahead and update it to cover all bases. Thanks for bringing that
up.</p>
<p>Does that answer your question?</p>
<p>Kindly,<br>
steve</p></div>
Author: Steve

Posted: 2015-07-08T20:30:37Z (updated 2015-07-09T06:44:58Z)
<div><p>Hi Steve,</p>
<p>Yes I am very happy with your plan.<br>
I was thinking of a scenario where you may have to take your laptop
for repair. You have to hand over your screen password or the job
won't get done. And that is when a standalone gpg password can
protect your keys.</p>
<p>Thanks again for your help and support and best regards,</p>
<p>Davood</p></div>
Author: dhmanesh

Posted: 2015-07-09T09:55:23Z
<div><p>Yep, I ran into that scenario myself. I usually just take out
the hard drive when giving the Mac in for repair. But that is not a
lot of fun when we are speaking about an iMac.</p>
<p>In times where malware can be planted in the EFI, it's hard to
protect yourself when giving your machine out of your hands. Another
workaround for that scenario would be to just back up your entire
keyring to a USB drive, delete all keys on the machine and then
use the backup once the repaired Mac is back.</p>
<p>I'll go ahead and close this discussion. If you need further
assistance or have questions you can re-open this discussion here
or open a new one any time.</p>
<p>Best, steve</p></div>
Author: Steve