Silk Road forums

Discussion => Security => Topic started by: Leapfrogger on December 10, 2012, 02:20 am

Title: Purpose of password-protecting private PGP keys?
Post by: Leapfrogger on December 10, 2012, 02:20 am
So let's say I have a private key. I just generated one for this post:

-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)

lQH+BFDFPnABBACy6I/Nezt1JzClzXkA/4OJ5cLBhUR/g27FxmMC/e+q6bXu4TXX
wYpQiEDxx0rPPhQmljqMDKW3sLhuCCCXZJ526CtxelQ6Ji80p9/e2aYfipcfJqCx
SPaZsGbd6oJigh3tHyseKoHvUS3QRMUygI6FGpsND3cxTr/ufquKC6ejEwARAQAB
/gMDAp2nbniMuJg6YKHZTZBccT9mQJc/aC3w+OHKYg6iTsrrpTIn1ZdK0LMMeznv
OBbxnrY88e4bNt91MWozTYOSDJ44tUTMD+YFChTCTQOXUBGh3JkXZdHSVpV6e46H
7lT24EkTMWLcn9faXJTgnPjApR1OZH4DR8Lm06x/BlX/e+d+BB112K2bpLuz6/zU
fEP91pM1HOXfnGE7RvdCHCVjBIYkyC4vqSY0SvEGaAJfG3BYyFmEtSOT3UgJQQa0
Vj2XbkVu06gvUeCi6ovrytRnWUNtRIIGq9ZRzHFvhUs4KllKpu5K8Sq36tW1Qixh
uqO+YX3rd3b/Y2EoLYJlb/1VBsMqvvEzNmjps2cDmNfW80Qq6vfgVjS6EEJ21Blm
9F1aLDd5/ylj69y2uddXbWsws8AEQaMshGSGvI6IFWcdEHVTlNS9rZ0e2NsBaUzH
sHkUKBIDyo9oN0l9JqQAF0lOfhQKwUkyMVlTycafYTIbtJdOZXcga2V5IGZvciBy
ZXNlYXJjaCBwdXJwb3NlcyBvbmx5IChEb24ndCBnZXQgdG9vIGV4Y2l0ZWQtIHRo
aXMga2V5IHdhcyBvbmx5IGdlbmVyYXRlZCBmb3IgdGhlIHBvc3QgYW5kIHlvdSBz
dGlsbCBuZWVkIHRoZSBwYXNzd29yZCEpIDxuZXdrZXl6QHBncC5jb20+iL0EEwEC
ACcFAlDFPnACGwMFCQlnOpAGCwkIBwMCBhUIAgkKCwMWAgECHgECF4AACgkQhQQE
CkukWgXdIwP/WPCA9wbt5U7TipCI3OBeL0Qo94Nq75LOEPBuBhCjkYP5Y56pQ/ZK
wjQsu+YM/q6c2xgd+2ggZW/oYLEaHSSS+1QMj4pFbMIqp6KtFuugitptStJDPMaL
Q3aEXMHh8Ja3DezhYxGEZRJi/J1FBEzPilAI+nvyfQ7e0RIliYn/K0CdAf4EUMU+
cAEEAK1AmY6VJamaRXIcc+G9bwXY+kbBL4HxaUIYCDoDNiMCLxdI7MHecoPLFQsu
JWUzRQfyxo3cCd7PGDMmm0kGubnl+cDi6zeS/JgfZ3L9X1qG7xRrak7JnBXlSJ57
Slco9UXtD5AhHs2WPHOhEvPtGONyD8eaZse2XWmCATwPL7sXABEBAAH+AwMCnadu
eIy4mDpgQiUpSkO7MhU3or2kpXQlPh2wnZ3gaMIYv/9PUEzMurBFEGXy3BziS4Jy
tGu+vApQXHTI7GhQKGZ/B174iXtMnZdonpAkmdXiWG/zdhw20gq7O4Cv74RRZ8oq
z5OmCZ0HmlyahB24jgJbJDWI+gvy6P+uUpRwde4aiFP3GaXktNO4D7OFGlswIGMP
LYzIXex/rxH/eAYzWt05Z2+MZuJeobiyKMD+LISpL377opmaDVnKTMg4aMGStxvr
0qpzxEUE6mc9WgwVNK3EnGW1ggIf5n+ZKCYOaD1J/5Ypv9ZD87dAgGqfs14bVvMz
GHoXALmySGsbYCSCfNomZtfruUQtxLzE0BJxv74dZLLPMWm4eSizVLPHoikPWD3/
taT8AFEPNL8/eCyAmJUm4+6tVJ1TDvpg/KBFyE0qF6M1sd1AM6bBz4dMHajo7t2V
VI9tP/ilLb7NBWvW23htDullIJxmK7cmeaqIpQQYAQIADwUCUMU+cAIbDAUJCWc6
kAAKCRCFBAQKS6RaBStyBACFmy6i9tZ78bBym3QJvACb6D5KmYJ79wiweFLF8+lE
cGWlndJTaGah/PSy9V/4Lw3v7mUy25hMhmDJ2p6hKrDhRyyTrHYWWiTxzDpIvQeB
KUd1yWxKlxPMVWYgphv+ncc/hMirDt0YZyhsvVHJFyqral3wpNz9qCNkPq/MTtLq
Xg==
=8wch
-----END PGP PRIVATE KEY BLOCK-----

Again, I just now generated this and will never use it again. Give me some credit here!

So let's say the FBI breaks down my door while I'm out back working in the garden and I foolishly left my laptop on with Tails running with Persistence, and they're able to copy my private GPG key before I can run inside and smash the laptop with a shovel.

Now, they'd still have to spook me into giving up my password, correct? (Let's assume the password isn't cached or saved anywhere.) The private key alone isn't gonna allow them to decrypt any of those incriminating messages addressed to me without the password, and vice versa, right?

Note that I'm not looking for an excuse to cut corners- I just wasn't able to find a clear answer on this.
Title: Re: Purpose of password-protecting private PGP keys?
Post by: Winston420 on December 10, 2012, 03:17 am
So let's say the FBI breaks down my door while I'm out back working in the garden and I foolishly left my laptop on with Tails running with Persistence, and they're able to copy my private GPG key before I can run inside and smash the laptop with a shovel.

Now, they'd still have to spook me into giving up my password, correct? (Let's assume the password isn't cached or saved anywhere.) The private key alone isn't gonna allow them to decrypt any of those incriminating messages addressed to me without the password, and vice versa, right?

Your password might be soft, and they could crack it with a dictionary program.  By the time you are raided, you've probably been under surveillance.  Unless you are a huge target, I doubt that they would spend money bugging your computer with a key logger beforehand, but that is how LE have recovered PGP private keys before.  If you've used your password on a laptop in a public space, there may be surveillance video of you typing the password.

The main reason you would want your encrypted private key to be public information is that an attacker would simply attack your password, a lot simpler problem (by magnitudes) than attacking the symmetric key encryption of your incoming messages or attacking the public key encryption of the symmetric keys.
Title: Re: Purpose of password-protecting private PGP keys?
Post by: HassleHoff on December 10, 2012, 03:41 am
So let's say the FBI breaks down my door while I'm out back working in the garden and I foolishly left my laptop on with Tails running with Persistence, and they're able to copy my private GPG key before I can run inside and smash the laptop with a shovel.

Now, they'd still have to spook me into giving up my password, correct?...


Well, for one thing if you ran towards a bunch of cops with a shovel, they would just shoot you to death and you'd become yet another justifiable homicide in the war on drugs.  But I understand the question. Yes, the key you posted is password protected. The public key can be used to encrypt messages - but they cannot be decrypted without the password for the private key. So your key is as safe as your password. This is the same idea as encrypting your bitcoin wallet. If somebody gains access to your computer they still cant get your bitcoins - without the password.





Title: Re: Purpose of password-protecting private PGP keys?
Post by: Leapfrogger on December 10, 2012, 10:01 am
Thanks guys! Guess I can leave my shovel in the garden, where it belongs.

For the record, the password is:

i<3JuNiperBeRriez^_^