The default card key generation keeps an unprotected backup of the encryption key on disk
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	• werner
	Jan 17 2024, 4:07 PM

Description

When using gpg --card-edit, admin, generate and following the default prompts, the encryption key is created by gpg (technically by gpg-agent), copied to a smartcard and a backup in OpenPGP format stored with a passphrase in a file ~/.gnupg/sk_LONGKEYID.gpg.

The gpg-agent however has created the key in its private-keys-v1.d directory before it was sent to the smartcard and to gpg for creating the backup. Obviously that on-disk copy should be deleted. This used to happen by overwriting it with the stub file (aka shadow key). Due to other fixes this stopped working some time ago - bummer.

The best fix will be never to write the key to the disk but hand it out to gpg to create the backup file.

Details

External Link: https://forum.gnupg.org/t/privater-schlussel-von-smart-card-in-kleopatra-gespeichert/3858

Revisions and Commits

rG GnuPG
	rG80f25fab900b agent: Fix an unitialized variable in an error path.
	rG3b69d8bf7146 gpg: Fix leftover unprotected card backup key.
	rGead2982286f8 gpg: Use ephemeral mode for generating card keys.
	rG434a641d40cb agent: Add "ephemeral" Assuan option.

Related Objects
Search...

		Status	Assigned	Task
		Resolved	• werner	T6943 Add tool to detect and clean unsolicited copies of smartcard keys
		Resolved	• werner	T6944 The default card key generation keeps an unprotected backup of the encryption key on disk

Event Timeline

• werner triaged this task as High priority.Jan 17 2024, 4:07 PM

• werner created this task.

• werner created this object in space Restricted Space.

• werner created this object with edit policy "Contributor (Project)".

Currently, there is no support for gpg-agent to keep private key not on disk, but only on memory of gpg-agent. Given the situation,
I think that it is good to:

Add !force condition to reject "updating regular key file by a shadow key", so that forcing by a shadow key will be possible.
For 2.2, re-open: T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key
- From 2.4, backport rG8f2c9cb73538: agent: Silence error messages for READKEY --card

FWIW, I am already working on this.

We tested with Kleopatra:

Only gpg4win 4.2 is affected (the current version) but 4.1 is not affected.
No vsd version is affected.

We tested with gpg --card-edit:

gnupg 2.2.42 is affected (thus also vsd 3.2.0 and 3.2.1)
gnupg 2.4.2 and 2.4.3 are affected

2.2.41 was tested and is not affected. 2.4.0 and 2.4.1 were also tested and are not affected. 2.3.x and < 2.4.41 were not tested.

• werner set External Link to https://forum.gnupg.org/t/privater-schlussel-von-smart-card-in-kleopatra-gespeichert/3858.Jan 19 2024, 12:38 PM

• werner added a commit: rG434a641d40cb: agent: Add "ephemeral" Assuan option..Jan 22 2024, 4:52 PM

• werner added a commit: rGead2982286f8: gpg: Use ephemeral mode for generating card keys..

• werner changed the task status from Open to Testing.Jan 22 2024, 4:53 PM

• werner moved this task from Backlog to QA on the gnupg24 board.

We need to fix 2.2.42 too. This because we backported the responsible patch.

• werner moved this task from Backlog to WiP on the gnupg22 board.Jan 24 2024, 11:23 AM

• werner added a commit: rG3b69d8bf7146: gpg: Fix leftover unprotected card backup key..Jan 24 2024, 11:45 AM

Fixed in 2.4.4 and 2.2.43 - see above for affected versions.

• werner closed this task as Resolved.Jan 24 2024, 2:31 PM

• werner moved this task from QA to gnupg-2.4.4 on the gnupg24 board.

• werner edited projects, added gnupg24 (gnupg-2.4.4); removed gnupg24.

• werner moved this task from WiP to gnupg-2.2.43 on the gnupg22 board.

• werner edited projects, added gnupg22 (gnupg-2.2.43); removed gnupg22.

• werner mentioned this in T6578: Release GnuPG 2.4.4.Jan 25 2024, 11:37 AM

• werner shifted this object from the Restricted Space space to the S1 Public space.Jan 25 2024, 11:56 AM

Also fixed in the fortgcoming 2.2.43

thesamesam added a subscriber: thesamesam.Jan 29 2024, 10:56 AM

• werner mentioned this in T6849: Release GnuPG 2.2.43.Apr 16 2024, 9:47 AM

• werner mentioned this in T7189: Release GnuPG 2.5.0.Jul 5 2024, 2:42 PM

• werner added a commit: rG80f25fab900b: agent: Fix an unitialized variable in an error path..Aug 12 2024, 3:10 PM

• werner mentioned this in T7087: Release GnuPG 2.2.44.Aug 16 2024, 1:47 PM

The default card key generation keeps an unprotected backup of the encryption key on diskClosed, ResolvedPublicActions