Page MenuHome GnuPG
Create Task
Maniphest T6944

The default card key generation keeps an unprotected backup of the encryption key on disk
Closed, ResolvedPublic
Actions

Description

When using gpg --card-edit, admin, generate and following the default prompts, the encryption key is created by gpg (technically by gpg-agent), copied to a smartcard and a backup in OpenPGP format stored with a passphrase in a file ~/.gnupg/sk_LONGKEYID.gpg.

The gpg-agent however has created the key in its private-keys-v1.d directory before it was sent to the smartcard and to gpg for creating the backup. Obviously that on-disk copy should be deleted. This used to happen by overwriting it with the stub file (aka shadow key). Due to other fixes this stopped working some time ago - bummer.

The best fix will be never to write the key to the disk but hand it out to gpg to create the backup file.

Details

External Link
https://forum.gnupg.org/t/privater-schlussel-von-smart-card-in-kleopatra-gespeichert/3858

Revisions and Commits

rG GnuPG
rG3b69d8bf7146 gpg: Fix leftover unprotected card backup key.
rGead2982286f8 gpg: Use ephemeral mode for generating card keys.
rG434a641d40cb agent: Add "ephemeral" Assuan option.

Related Objects
Search...

Event Timeline

werner triaged this task as High priority.Jan 17 2024, 4:07 PM
werner created this task.
werner created this object in space Restricted Space.
werner created this object with edit policy "Contributor (Project)".
gniibe added a subscriber: gniibe.Jan 18 2024, 2:17 AM

Currently, there is no support for gpg-agent to keep private key not on disk, but only on memory of gpg-agent. Given the situation,
I think that it is good to:

werner added a comment.Jan 18 2024, 8:31 AM

FWIW, I am already working on this.

werner added a comment.EditedJan 18 2024, 8:35 AM

We tested with Kleopatra:

  • Only gpg4win 4.2 is affected (the current version) but 4.1 is not affected.
  • No vsd version is affected.

We tested with gpg --card-edit:

  • gnupg 2.2.42 is affected (thus also vsd 3.2.0 and 3.2.1)
  • gnupg 2.4.2 and 2.4.3 are affected

2.2.41 was tested and is not affected. 2.4.0 and 2.4.1 were also tested and are not affected. 2.3.x and < 2.4.41 were not tested.

werner set External Link to https://forum.gnupg.org/t/privater-schlussel-von-smart-card-in-kleopatra-gespeichert/3858.Jan 19 2024, 12:38 PM
werner added a commit: rG434a641d40cb: agent: Add "ephemeral" Assuan option..Jan 22 2024, 4:52 PM
werner added a commit: rGead2982286f8: gpg: Use ephemeral mode for generating card keys..
werner changed the task status from Open to Testing.Jan 22 2024, 4:53 PM
werner moved this task from Backlog to QA on the gnupg24 board.
werner added a project: gnupg22.Jan 24 2024, 11:22 AM

We need to fix 2.2.42 too. This because we backported the responsible patch.

werner moved this task from Backlog to WiP on the gnupg22 board.Jan 24 2024, 11:23 AM
werner added a commit: rG3b69d8bf7146: gpg: Fix leftover unprotected card backup key..Jan 24 2024, 11:45 AM
werner added a comment.Jan 24 2024, 2:30 PM

Fixed in 2.4.4 and 2.2.43 - see above for affected versions.

werner closed this task as Resolved.Jan 24 2024, 2:31 PM
werner moved this task from QA to gnupg-2.4.4 on the gnupg24 board.
werner edited projects, added gnupg24 (gnupg-2.4.4); removed gnupg24.
werner moved this task from WiP to gnupg-2.2.43 on the gnupg22 board.
werner edited projects, added gnupg22 (gnupg-2.2.43); removed gnupg22.
werner mentioned this in T6578: Release GnuPG 2.4.4.Jan 25 2024, 11:37 AM
werner shifted this object from the Restricted Space space to the S1 Public space.Jan 25 2024, 11:56 AM
werner added a comment.Jan 25 2024, 2:05 PM

Also fixed in the fortgcoming 2.2.43

thesamesam added a subscriber: thesamesam.Jan 29 2024, 10:56 AM
werner added a comment.Mar 4 2024, 3:38 PM

See also: https://gnupg.org/blog/20240125-smartcard-backup-key.html

werner mentioned this in T6849: Release GnuPG 2.2.43.Tue, Apr 16, 9:47 AM