[ mona / prog / sol ]

sol


data encryption for dummies [OPSEC]

1 2020-03-01 22:00

Now that I'm a grown-up man, I feel more concerned about online privacy and the security of my data.

Here's my plan so far.

• buy a Smart Card reader and one of those OpenPGP cards: https://www.floss-shop.de/en/security-privacy/smartcards/13/openpgp-smart-card-v3.3
• encrypt my hard disk with LUKS and use the Smart Card at boot time for partition decryption, as described here: https://wiki.majic.rs/Openpgp/protecting_luks_decryption_key_in_debian_jessie_us/
• add my public key to my personal homepage and ask people wanting to email me to use this key in order to encrypt our conversation. (they'll probably never bother, but it will make my homepage look cool and old school.)
encrypt all the conversations with darknet market LSD vendors with my GPG keys (actually, scratch that, it's probably a bad idea and I should use another key for that purpose)

The problem is that I'm a very clumsy person and at some point I know I will lose the card or forget it in my pocket before shoving the laundry into the washing machine and all my precious data will be lost! Therefore, I need a secure backup of my GPG keys. Fortunately, it's easy to backup them on paper with these additional steps:

• Use https://www.jabberwocky.com/software/paperkey/ and https://fukuchi.org/works/qrencode/ to print my GPG keys out on paper as QR codes.
• admit that I will also eventually lose the paper or hide it in a place so secret that even I won't be able to find it again a few weeks later
• reckon that travelling with a Smart Card or a QR code on paper is a security flaw (TSA could force me to use them for a laptop search)

And here comes the revolutionary idea which address the last two points! What if I'd just get a tattoo of the QR codes on my shaved scrotum? The scrotal skin is naturally wrinkled and covered with pubic hair. My keys would be perfectly hidden. There's no way in hell a border agent or even a CIA roody-poo would be able to find them in this particular spot. And I cannot lose my QR code backups unless I lose my balls!

But in all seriousness, any advice on that topic is welcome. Did I forget anything?

2 2020-03-15 18:00 *

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg-verein.git;a=blob_plain;f=office/misc/OpenPGP-Card-Vendors

* Vendor IDs

The OpenPGP card specification (We have registered its AID) requires a
directory of manufactorer IDs (ala Ethernet). We keep this
information here. When adding new numbers make sure that it will also
be updated in the GnuPG source code (card-util.c)

** 0x0000 - Testcard
Assigned: spec

** 0x0001 - PPC Card Systems
Germany

Assigned: spec

** 0x0002 - Prism Payment Technologies
South Africa

Assigned: 2005-09-02

** 0x0003 - OpenFortress Digital signatures
http://openfortress.nl/

Assigned: 2006-03-10

** 0x0004 - Wewid AB
Sweden

Assigned: 2008-01-26

** 0x0005 - ZeitControl cardsystems GmbH
Germany

http://www.zeitcontrol.de

Assigned: 2009-06-02

** 0x0006 - Yubico AB
Sweden

http://www.yubico.com/

Assigned: 2012-11-15

** 0x0007 - OpenKMS
Estonia

http://openkms.org

Assigned: 2014-01-20

** 0x0008 - LogoEmail
Canada

http://www.scardsolutions.com

Assigned: 2014-11-03

** 0x0009 - Fidesmo AB
Sweden

http://fidesmo.com

Assigned: 2015-10-21

** 0x000A - Dangerous Things
USA

https://www.dangerousthings.com

Assigned: 2016-03-12

** 0x000B - Feitian Technologies
China

[[https://www.ftsafe.com]]

Assigned: 2020-01-20

** 0x002A - Magrathea

slartibartfast@fjords.magrathea.unv

Assigned: 2009-05-25

** 0x0042 - GnuPG e.V.
Germany

https://gnupg.org/verein

Assigned: 2017-11-01

** 0x1337 - Warsaw Hackerspace
Poland

https://hackerspace.pl/card

Assigned: 2014-12-08

** 0x2342 - warpzone e.V.
Germany

https://warpzone.ms

Assigned: 2016-04-25

** 0x4354 - Confidential Technologies
Germany

https://cotech.de

Assigned: 2018-10-04

** 0x5443 - TIF-IT e.V.
Germany

https://pgp.tif-it.org

** 0x63AF - Trustica s.r.o

https://trustica.eu

Assigned: 2018-04-05

** 0xBA53 - c-base e.V.
Germany

https://www.c-base.org

Assigned: 2020-03-03

** 0xBD0E - Paranoidlabs

https://paranoidlabs.org

Assigned: 2018-02-01

** 0xF517 - Free Software Initiative of Japan
JAPAN

http://www.fsij.org

Assigned: 2010-09-06

** 0xF5EC - F-Secure
Finland

https://www.f-secure.com

Assigned: 2020-02-21

** 0xFF00..FFFE - Range reserved for randomly assigned serial numbers.

Serialnumbers with manufacturer ID in this range are an exception
to the rule that they should be unique. It is expected that such a
serialnumber is assigned using a true random function which
generates 5 bytes (4 for the actual serial number and one to select
a manufacturer ID out of this range). Note, that the 0xffff is not
part of this range. Implementers using serial numbers as a unique
ID should keep in mind that duplicates may happen. Using the of
manufacturer IDs out of this range should only be done if no other
way of obtaining a manufacturer ID is possible.

Assigned: 2007-07-17

** 0xFFFF - Testcard
Assigned: spec

3 2020-09-15 01:42

Great idea. Makes me wish I had a scrotum.

4 2020-09-15 02:18 *

>>3
If you're in want of another spot to put a qr tattoo you should probably eat at least a little more than you do.

5


VIP:

do not edit these