4

After having purchased a USB GnuPG smartcard, I visited the manufacturer's website. A tutorial by the FSFE was mentioned there as the preferred way of setting up the smartcard.

However, this tutorial seems to be a bit outdated as the output of gpg --gen-key doesn't offer the option to create a "RSA + RSA"-keypair:

Please select what kind of key you want:
  (1) DSA and Elgamal (default)
  (2) DSA (sign only)
  (5) RSA (sign only)

The author chooses the first option and continues by generating two RSA subkeys of the DSA key. These two subkeys (one for signing, the second for encrypting) are then transferred to the smartcard. The Elgamal key is deleted, unused.

So my questions here – as an owner of a keypair consisting of two RSA keys, default in GnuPG for quite a long time – are: Do I really need to generate new subkeys for the smartcard? Or is this measure included in the tutorial for historical reasons (as smartcards seem to only support storing RSA keys)?

I don't know if, from the security point of view, there are reasons against putting your "master" key on a smartcard. But even if, wouldn't it be enough to generate one second subkey for signing instead of two new subkeys?

hansjoachim
  • 43
  • 4

1 Answers1

1

Or is this measure included in the tutorial for historical reasons (as smartcards seem to only support storing RSA keys)?

While it is true that most (all?) OpenPGP compliant smart cards only support RSA, the likely reason for generating the keys in the tutorial was to show you how to generate keys and / or push them onto the card which is useful information in by itself.

I don't know if, from the security point of view, there are reasons against putting your "master" key on a smartcard.

There's nothing technically stopping you from putting your master key on your smart card. However when you lose the card, this master key, which has all sorts of hard-worked-for trust signatures is now gone. This certainly isn't something you want to risk usually (which is why better HSMs offer a way to backup keys). So you usually generate the master key in software, store it away safely and redundantly and maybe push a copy onto the card.

Do I really need to generate new subkeys for the smartcard?

No. While it's strongly advisable from a security standpoint to only have your keys on your card (so they're actually protected by the hardware and not by the software storage or the hardware) it is not mandatory.
Let's just assume that you have a software key shared between a mobile device and a computer. Let's further assume the mobile device is running iOS which is fairly good security-wise and the computer is running Windows 7 (which is less good security-wise). If you push your keys off the Windows PC an attacker would have to compromise your locked-down mobile device or the card which is both harder than compromising your Windows installation, so there you've gained some security.

But even if, wouldn't it be enough to generate one second subkey for signing instead of two new subkeys?

The interesting property of master keys is not that they can sign (S) stuff, but rather that they can certify (C) other keys to be belonging to you which as far as I know is exclusive to the master key in a set of keys.

SEJPM
  • 46,697
  • 9
  • 103
  • 214