GPG Basics... (Noob questions)
Hi!
I am VERY new to cryptography/security stuff. I wasn't able to find the questions on the disc/elsewhere (or maybe I wasn't searching properly...)
I have three main questions w/ additional info below:
1) How do I know/choose subkeys for encryption/signing?
2) How does sharing my public key work?
3) Can I access old encrypted mail from another computer/email
address?
- My understanding is that it will pick one of my subkeys for E
and one for S (I have two subkeys for each). I also have four
emails (USER IDs?) connected to one master.
So does this mean when I compose a message from any of those four id's it will pick one of the two E sub-keys and the same for the S?
I HOPE THAT IS CLEAR!!! sorry.
2)
I understand that I can right click my master and click export
(leaving the secret unchecked) and send that file to people...
alternatively I can just right click and "mail public key"
However, can people know what user IDs/master is attached to the
key I send them?
I ask because say I have AAAA - [email blocked] (four emails)
What if [email blocked] is a
government email address and [email blocked] is a political activist
one?
Can the activists see AAAA, and the gov't see BBBB? (exposing my
double-agent status)
Also, if either party intercepts an email, can't they just decrypt
it using the encryption key sent to them, since they would be the
same for both?
3) Lastly, I wonder if I can still open encrypted emails if I
forward them to other accounts?
E.g. I encrypt from [email blocked] and send to BBBB (or the
other two emails) ... I also forward a copy to my girlfriend... can
I later access the email from my GF's account if I have a backup
with the secret (and passphrase???) or do I have to be on one of my
original four accounts??? Bah so confused...
___________________END OF RELEVANT STUFF ________
as a BONUS >>> Non-GPG Security <<<
TL;DR,
Safest way to secure information? Is it redundant and useless to
Encrypt a .7z in a DMG? They both use AES… Aes 256 > Aes
128???
What’s the most secure encryption???
I am down to scrap all my extra measures below in favour of
something simpler…
Can I store PW information using GPG on an email?
Is it safe*, or should I stick to the dmg/7z scheme…
Ultimate goal:
I want to be able to access all of my stuff if I get locked out
from any service.
Not only that, but I need to be able to access this stuff offline,
and if I am Stripped-naked… that is, e.g. I am lost in the
desert.
How do I securely store files/documents/text (text being the most important....)
So far I have my files on Google Drive, Drop Box, and One Drive encrypted using a .DMG and/or 7z inside the dmg... is it extra-secure to do the double-encryption?
I also have copies of passwords inside those encrypted files, also encrypted (PDF encryption)...
On top of that, I have all my passwords and "important things" e.g. SSN, driver's license, credit card info, whatever in there too… (bad idea?)
but then I also have all of that same information on Lastpass. I also have an encrypted file on the Secure Notes (using .DMG and 7Z combo again) that has my GPG Keys!
as an additional precaution, I exported my Lastpass info to an encrypted document and sent it to an email that I do not use and have no record of password (memorized!)… this is Tutanota by the way… protonmail has me waiting.
I don’t know why I’m going crazy with all these precautions, but I want to know which ones are useful/useless or maybe devise a better scheme….
Password 1: Memorized
My “failsafe” is my Tutanota email, where I have all of
my information stored in a .7Z.
I do not use this and only will in an Emergency, or when I am at
home. (Private Internet Access VPN is safer than home
internet… right???)
Password 2: Memorized
Same password for computer and my Lastpass… I type these
manually.
Password 3 + Variants: Memorized, but variants of one
password
These are used to encrypt the DMGs/.7z’s and PDFs
password X = not memorized.
Dropbox, all of my emails, and all of my sites have unique and
random passwords stored in Lastpass (and also backed up, as stated,
in Dropbox, google drive, and One drive. although behind the double
wall of extra security)…
On top of this, I have an offline USB copy of all those things that I have stashed under my bed. I also use Sesame as 2FA (and/or my phone) for everything…
HOLY CRAP THIS IS SO CONVOLUTED…. Will re-write hopefully after I am done my paper
1 Posted by Fastidious on 24 Sep, 2015 10:04 PM
Use openssl for what you want. You do not need gpg.
2 Posted by Mento on 27 Oct, 2015 01:04 PM
Hi,
sorry for the late answer.
1.) By default gpg2 uses the newest valid subkey for the operation. You have to use gpg2 directly in the Terminal, if you want a specific subkey to be used.
2.) If you are an undercover agent, you should create two independent keys. Everyone who gets your public key can see all userIDs, because the userIDs are included in the key-block.
2b.) gpg2 uses public-key-cryptography. This means an activist can encrypt a message with your public key, but only the person with the secret key (you) can decrypt it. Neither the government nor the activist can decrypt it anymore. GPGMail always encrypts a mail you send with your and the recipient's keys, so you can read your sent mails.
3.) If you forward the whole encrypted mail, you can decrypt it at any time, at any computer, as long as you have your secret key and the passphrase.
The most secure encryption is called "One-time pad", but this isn't handy.
It's not useless nor redundant to encrypt an encrypted file (if you use another password), but the security gain is minimal. I would recommend to only encrypt once with a very strong password.
AES-256 is more secure than AES-128. You should also use a strong password with more than 20 characters.
It is safe to store passwords in encrypted mail using gpg, if you don't "lose" your secret key.
VPN can be more safe if used in the right way.
Never use the same password twice!
I hope I've answered all of your questions. Don't hesitate to ask more questions, but give me some time to answer :)
Regards, Mento
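Point 2 of the reply above says the user IDs are included in the key block. The following is an added example, not part of the original thread and not GPGTools or GnuPG code: it walks the OpenPGP packet framing of a binary (non-armored) public key export and returns every User ID packet it carries. The sample bytes, names and addresses are constructed for illustration.

```python
# Added example: list User ID packets in a binary OpenPGP key block.
# Packet framing per RFC 4880 section 4.2; tag 13 is a User ID packet.
USER_ID_TAG = 13

def iter_packets(data: bytes):
    """Yield (tag, body) for each packet in a binary (non-armored) stream."""
    i = 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                     # new-format header
            tag = hdr & 0x3F
            first = data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths not handled here")
        else:                              # old-format header
            tag = (hdr & 0x3C) >> 2
            n = 1 << (hdr & 0x03)          # 1, 2 or 4 length octets
            if n == 8:
                raise ValueError("indeterminate length not handled here")
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def user_ids(key_block: bytes):
    """Return every user ID string carried in the key block."""
    return [body.decode("utf-8", "replace")
            for tag, body in iter_packets(key_block) if tag == USER_ID_TAG]

def _pkt(tag, body):  # helper for the constructed sample below
    return bytes([0xC0 | tag, len(body)]) + body

# Constructed sample: placeholder key bodies (not real keys), two user IDs.
SAMPLE = (_pkt(6, b"\x04" + b"\x00" * 10) + _pkt(13, b"Alice <alice@work.example>")
          + _pkt(13, b"Alice <alice@home.example>") + _pkt(14, b"\x04" + b"\x00" * 10))
print(user_ids(SAMPLE))
```

Both addresses come back from a single export, which is why separate identities need separate, independent keys.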
3 Posted by Jame Frichittha... on 05 Nov, 2015 04:03 AM
Oh my god. Thank you so much for the reply. I almost didn’t see this - it ended up in my junk mail.
Luckily I searched my computer for “gpg” because I forgot my passphrase!!! (thank you Mac Spotlight)
You are my hero!
Thank you!
Jame
You have helped more than enough, but if you’re bored:
If you have any ELI5 (non-technical) links/guides for cyber security stuff that would be amazing! I’m learning VPN stuff at the moment, but need to go back to the drawing board in terms of everything. I mainly want to ensure privacy for both my internet activity, and my files/passwords!
I’m using a vpn (Private Internet Access), and I’m planning on putting my Lastpass information export (with all of my passwords and sensitive info) in an email encrypted with GPG to be dispersed to all of my email accounts (just in case I get locked out of one!)
Support Staff 4 Posted by Steve on 18 Nov, 2015 12:12 PM
Jame, I suggest discussing the other matters on some security / privacy mailing list or discussion forum.
Glad this is solved for you. I'm closing this discussion. If you need further assistance or have questions you can re-open this discussion here or open a new one any time.
Best, steve
Steve closed this discussion on 18 Nov, 2015 12:12 PM.