When exporting secret key give option to encrypt it using symmetric encryption.

Christopher Nethercott

25 Feb, 2018 12:29 PM

Secret Key Export

When a person would like to switch laptops and still use the same GPG key on both, they will export it, and most people will use some kind of cloud storage service (Google Drive, Dropbox, iCloud Drive, OneDrive, etc.) to sync the files they would need between these two computers. If you are using iCloud Drive and save your secret key to your Desktop or Documents folder, it would automagically be uploaded to Apple's servers, where a certain NSA could get hold of it.

A solution to this is that, before you export the key into those folders, you get the user to encrypt it using a password, so that while in transit it is secured.

  1. Support Staff 1 Posted by Steve on 25 Feb, 2018 01:09 PM

    Hi Christopher,

    welcome to the GPGTools support platform. Please do not use email or cloud services to transfer your secret key. The secret key should be kept secret. So instead please use a USB drive to locally transfer your secret key.

    You can still encrypt the exported file using symmetric encryption, if you want to, using GPGServices.

    Best,
    steve

  2. 2 Posted by Chris Nethercot... on 25 Feb, 2018 01:19 PM

    I understand that and would always have symmetric encryption when
    transferring secret keys. It would just be nice to have the option to
    symmetrically encrypt it on export within the app.

  3. Support Staff 3 Posted by Steve on 25 Feb, 2018 01:46 PM

    It may be a good idea to not encourage users to transfer secret keys via cloud / email in the first place. By adding such a feature, we may be adding the wrong incentives.

    You seem to be an advanced user. Most users are not aware of the technical differences of symmetric and asymmetric encryption. We get contacted quite regularly about some confusion of pinentry asking for a password for a symmetrically encrypted file and users enter the password for their OpenPGP key. I am pretty sure symmetric encryption during export would lead to all kinds of support requests.

  4. 4 Posted by Chris Nethercot... on 26 Feb, 2018 06:52 AM

    Oh I can imagine the support requests. Thank you for your quick response
    and making a great application.

  5. Steve closed this discussion on 26 Feb, 2018 08:17 AM.
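
The symmetric encryption of an exported secret key discussed in this thread, done with the `gpg` command line as an added example (not part of the original discussion and not GPGTools' own code): the export is piped straight into `gpg --symmetric`, so the unencrypted key is never written to a folder that may be synced. The function names and the `GPG_EXTRA_OPTS` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and GPG_EXTRA_OPTS are hypothetical.
# GPG_EXTRA_OPTS: optional extra gpg options for the symmetric steps,
# e.g. "--batch --pinentry-mode loopback --passphrase-file FILE" for
# unattended use. Leave it unset to be prompted through pinentry.

# export_secret_key_encrypted KEY_ID OUT_FILE
# Pipes the secret key export directly into symmetric encryption, so only
# the passphrase-protected file is ever written to disk.
export_secret_key_encrypted() (
    key_id=$1
    out=$2
    # Refuse to run if the key is missing; otherwise the pipeline would
    # "successfully" encrypt an empty export.
    gpg --list-secret-keys "$key_id" >/dev/null 2>&1 || {
        echo "no secret key found for: $key_id" >&2
        exit 1
    }
    umask 077   # output file readable by the owner only
    # GPG_EXTRA_OPTS is left unquoted on purpose so it splits into options.
    gpg --export-secret-keys --armor "$key_id" |
        gpg --symmetric --cipher-algo AES256 $GPG_EXTRA_OPTS --output "$out"
)

# verify_encrypted_export FILE
# Decrypts to a pipe (nothing is written to disk) and confirms that the
# payload really contains a secret key packet before the file is relied on.
verify_encrypted_export() (
    gpg --decrypt $GPG_EXTRA_OPTS "$1" 2>/dev/null |
        gpg --list-packets 2>/dev/null |
        grep -q ':secret key packet:'
)
```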
