GPG key handling about airgap-vault HOT 8 CLOSED

Hey, sorry for the late reply.

It's not possible to manage GPG keys in the Vault at the moment. It's definitely an interesting idea though.

What kind of features / mechanisms did you have in mind?

It would be nice if you would work on this in a PR, but I can't give you any promises that it will be merged to the main repo at this time. This seems like a bigger change and we would have to think about all the implications (also related to usability because we want to keep the app as simple as possible so it can also be used by non-technical people).

As a first step you could come up with a list of features that you would like to have, then we can see how that fits into the current design of the Vault.

from airgap-vault.

@RoGryza I've been thinking more and more about this over the last few weeks. Do you have some time and would be interested in working on this?

from airgap-vault.

@AndreasGassmann sorry for the delay. I'm no longer working on the project I'd use this for, but I'll contact the team and see if they're still interested

from airgap-vault.

I see that this has been mentioned, so I'm adding my own take to it: use OpenKeychain as the source of secret generation. That way no mnemonics, private keys, json files, or anything ever have to be exported anywhere, just connect directly to OpenKeychain. For an even better security scenario, you could generate the OpenPGP key on a hw (eg NitroKey), and then generate the vault secret from OpenKeychain.

This option would only work on Android though, afaik.

from airgap-vault.

I am not familiar with OpenKeychain, Nitrokey or Fidesmo. It looks like both the Fidesmo token and NitroKey are a device that hold your keys (like a Yubikey), while OpenKeychain is an application on Android that does the same thing.

If I understood correctly, you are suggesting that we delegate the key management/generation to one of those devices instead of in AirGap Vault itself. Is that correct?

Assuming it is, I'm not sure this is aligned with the goals of AirGap Vault. AirGap Vault should basically be a replacement for HW devices that hold your keys. So instead of having a Ledger/Trezor that holds your keys, it should be AirGap Vault instead. This brings a couple of benefits like full air-gapping, better UX, etc.
What you are suggesting, if I understood correctly, is to basically only use the AirGap Vault as a "bridge" between the online world and those devices. So it would be Online Device <= QR => AirGap Vault <==> Fidesmo/Nitrokey/OpenKeychain where Fidesmo/Nitrokey/OpenKeychain would be holding the key.

Besides the fact that this kind of goes against our goals, I'm not sure if it's possible. Usually, HW devices that manage your keys are designed to not let you extract your keys, as a security measure. I did some quick search if this is possible on Nitrokey, and their page here https://docs.nitrokey.com/pro/openpgp-keygen-backup.html suggests that it is not:

The following instructions explain the generation of OpenPGP keys and how to copy them to the Nitrokey. This method has the advantage of providing a backup of the keys in case of losing or breaking the Nitrokey.

So this means it would actually not be possible to use the secret on those devices to generate a mnemonic out of it, unless the devices themselves support it (eg. Ledger, Trezor, etc.). It would probably be possible with OpenKeychain if their API allows it, but my question would be what the advantages of that would be.

Having your key on multiple devices always increases the possible attack vectors. So our vision is that AirGap Vault will be the one application that holds all your secrets and does all the operations locally, without the key ever leaving the device. That's also why we added additional security measures that protect users against compromised RNGs by collecting entropy over camera, microphone and touch input, or even let you provide your own entropy that you collected via dice rolls and coin flips.

So in a way, AirGap Vault is a "replacement" for all the apps/devices that you mentioned.

Maybe I misunderstood your question, if that's the case, please let me know.

from airgap-vault.

I am just as in the dark regarding this idea, but mynitial thought was that OpenPGP is a cryptography tool with a public key, and a private key. Now obviously you don't want anything to be derived from your public key, because duh, but the private key? That is a different piece of tea. If an SHA512 hash, that is not subject to change upon each request, can be requested from the private key via the API, and passed through to AirGap, it could serve as the crypto wallet private key.
Again, I have no idea how this could work, but they have the components, the API, the documentation for gereal GPG functions. I will try to reach out to them.

from airgap-vault.

If they allow you to get a deterministic hash from the private key, then that could be used as the source of entropy for your mnemonic. But the question still remains, why would you want to do that? If you lose your HW device, that private key is gone, and it cannot be backed up (unless you provide your own key, as described in the link above). So you'll still be in the situation where you have to back up your mnemonic in case you lose your HW device.

Instead, I think the more interesting approach is to use your mnemonic as the source of entropy and generate all your other keys out of it. BIP85 is designed to do that, or at least something very similar. You can derive child mnemonics from a master mnemonic, but you can also derive entropy to be used elsewhere. My vision was to use BIP85 to generate a GPG key, but sadly, it looks like OpenPGP and WebCrypto don't support that: openpgpjs/openpgpjs#1309 If they did, that would be the ideal solution in my opinion. It would allow you to back up 1 master mnemonic with Shamir or whatever you would like, which then will allow you to re-generate all your keys. But sadly, it doesn't seem to be possible, at least not with those tools.

I'm still not 100% sure what your use case or your goal is. Do you simply want to have to back up only one key that can recover everything? It looks like that would already be possible by generating your own PGP key, then importing it into your Nitrokey ( https://docs.nitrokey.com/pro/openpgp-keygen-backup.html ) and then generate a mnemonic out of that PGP key by using some custom script.

from airgap-vault.

The activity on this issue has been inactive for the past two years. I'll be closing it now. If there's a need to revisit this matter, please don't hesitate to reopen the issue. Thank you.

from airgap-vault.