by tptacek 4377 days ago
> Mobile - Using PGP on a mobile device can be risky, as it requires storing the private key on devices that are likely to have known security issues. Many people recommend against it, as it puts the private key at too much risk.

ARGH. The whole point of PGP keyrings --- the costliest part of the PGP UX --- is that you don't have to have a single key. If you're terrified of exposing your secret key on your mobile device (which is frankly the most secure device you own), just cut a new key for it.

Any time someone suggests a new application for PGP, people come out of the woodwork saying things like "what, you want me to put my PGP key in my browser?" No. We want you to put --> a <-- PGP key there.

5 comments

> If you're terrified of exposing your secret key on your mobile device (which is frankly the most secure device you own), just cut a new key for it.

The mobile device is the one most people have the least control over in terms of software (which can be both good and bad) but is also the one they are most likely to lose in a shady part of town.

I agree with the rest of your post though.

How much does it matter if you lose your encrypted PGP keyring on your fully-encrypted smartphone in a bad part of town?
The same as any other device. I'm nitpicking.
It depends on the device, I guess, but no, I'm saying your phone is better off in that scenario than any of your other devices.
Why would a fully-encrypted smartphone be better off than a fully-encrypted laptop? I'm not following here.
depends on the software installed on both and the adversary you have in mind

if we're talking defending from suits; your phone is probably turned on a lot larger percentage of the time than your laptop so it's more susceptible to a cold boot attack

if we're talking defending from some thug who jacked your phone; it probably doesn't matter

The challenge here is that you've then got to get other people to use the appropriate PGP key(s).

If a key has multiple subkeys, are they all used in encrypting a given message?

That's an aspect of PGP/GPG use I'm not clear on despite >15 years use of it.

Depends on the implementation. GnuPG picks the most recently created encryption subkey and uses that one. It doesn't use both. Not by default anyway.
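
Added example, not part of the thread and not GnuPG's own code: a Python script that reads `gpg --with-colons --list-keys` output and reports which subkey the rule described in the comment above (newest usable encryption subkey) would select, which is what you want to check before handing a phone its own subkey. The key listing and key IDs are constructed, and creation and expiry fields are assumed to be epoch seconds.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of `gpg --with-colons --list-keys` output (key IDs are made up).
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAA1:1388534400::::::scESC:
sub:u:4096:1:BBBBBBBBBBBBBBB1:1388534400::::::e:
sub:u:4096:1:BBBBBBBBBBBBBBB2:1393632000::::::s:
sub:r:4096:1:BBBBBBBBBBBBBBB3:1401580800::::::e:
sub:e:4096:1:BBBBBBBBBBBBBBB4:1396310400:1398902400:::::e:
sub:u:4096:1:BBBBBBBBBBBBBBB5:1398902400::::::e:
"""

# Validity letters (field 2) that rule a key out:
# revoked, expired, disabled, invalid, not valid.
UNUSABLE = {"r", "e", "d", "i", "n"}

@dataclass
class Subkey:
    keyid: str
    created: int
    expires: Optional[int]
    validity: str
    caps: str

def parse_subkeys(listing: str) -> List[Subkey]:
    """Extract 'sub' records: field 5 key ID, 6 created, 7 expiry, 12 capabilities."""
    subkeys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] != "sub" or len(f) < 12:
            continue
        expires = int(f[6]) if f[6] else None
        subkeys.append(Subkey(f[4], int(f[5]), expires, f[1], f[11]))
    return subkeys

def usable_for_encryption(sk: Subkey, now: int) -> bool:
    """True if the subkey has the encrypt capability and is not revoked or expired."""
    if "e" not in sk.caps or sk.validity in UNUSABLE:
        return False
    return sk.expires is None or sk.expires > now

def default_encryption_subkey(listing: str, now: int) -> Optional[Subkey]:
    """Newest usable encryption subkey, following the rule stated in the comment."""
    usable = [sk for sk in parse_subkeys(listing) if usable_for_encryption(sk, now)]
    return max(usable, key=lambda sk: sk.created, default=None)

if __name__ == "__main__":
    print(default_encryption_subkey(SAMPLE, now=1404172800))
```

In this listing the older subkey `BBBBBBBBBBBBBBB1` is still valid but is never chosen, so a device holding only that subkey would not be able to read mail encrypted with default settings.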
> which is frankly the most secure device you own

Really? That's not how I treat my security at all. My phone seems to clearly be the least secure computer I own. Admittedly I run all Linux on my non-phone computers, but I'm not totally sure I'd agree with you even if I ran Windows or OSX.

Am I that wrong?

If it's an iPhone, then yes, it is far and away the most secure device you own. Everything is encrypted all the time through an HSM which will perform decryption only if given the device PIN. The key is never in memory and any attempt to extract it from the HSM will result in its self-destruction. It is impossible to recover data from the phone without the PIN. You can only erase the device and restore from a backup. While the device can be lost, the only threat is that a thief will erase and resell it. With iOS 7 and Find My iPhone turned on, even that is not possible. An attacker would not get your data in any case.

This is orders of magnitude safer than a full-disk-encrypted laptop because people hardly ever shut down their laptops, so keys remain in memory. There is also the possibility of cold-boot attacks, and of course the (retrospectively) insane design wherein any program you run can access all of your data.

iOS applications are always code-signed in a way that is tied to a real person or corporation, thoroughly sandboxed, and subject to review, making malware essentially non-existent. If discovered, it can be yanked at any time. What few remote exploits there have been were national news - and quickly resolved.

iMessage is end-to-end encrypted 100% of the time using a keybag - each device on your iCloud account has its own private key that never leaves the device. You get notified when a key is added to the keybag. This is really incredible, because without even knowing it, huge swaths of the population are using properly end-to-end encrypted messaging just by owning iPhones.

iOS is a tight ship and its attack surface is minuscule compared to that of a commodity computer.

Ah, that makes a lot of sense. If you are discounting Apple themselves (and people using social engineering techniques to gain access to Apple's backdoors) and the large list of States and Corporate actors who have access as potential attackers then you are absolutely correct.

I didn't know about keybag, that's very interesting.

Please provide evidence (other than "Apple hates my freedom so they must be doing it!") of Apple having granted access to iPhones to other corporations.
Ah, I was unclear. I meant the Governmental to private intelligence contractors path, not Apple selling data to data brokers or something like that - that seems very unlikely.
Where do I read more about this - it sounds fantastic and yet I just assume "proprietary = lazily implemented and they can read my keys cos it's on their server"
There was a talk at passwords^10 (2010) about security of PINs/keys in iPhone/Android/Windows Phone (IIRC). Don't recall who the speaker was, and all the links to talks/programs etc have gone to bitrot (might be possible to find on archive.org, I've yet to try that).

If I remember correctly an encrypted iPhone (4 I guess?) was the most secure, but with a bit of hackery one could use the device itself to bruteforce the PIN (and thus access the key, and then the data). Not sure if that's actually been patched in later iterations of the iPhone.

If you find this stuff interesting, consider going to passwords^14 (August 5th-6th, Las Vegas): https://passwordscon.org/

Thank you - looks interesting
Considering how locked down they are (iPhone, at least), yes, they are likely substantially more secure than PCs for most people.
You have to be more specific: Secure from what kind of threat? There are many threats ranging from service providers deciding to uninstall "unpopular" applications that threaten antiquated revenue models to State threats used against activists and dissidents.
I assume he means "threats that would allow another app or actor to read your private key".
And ignores the threat of a stolen device.
Unlike most stolen PCs, a stolen phone can be locked or erased remotely.
Yeah, I have mixed feelings about that one; I almost didn't include it, but it's an argument that I hear often enough that I thought it was worth pointing out.

Personally, I have my key on my phone, and I'm fairly comfortable with it - though there are certainly some that aren't.

But, wouldn't that mean that if you share the same email account on your Desktop and Phone, that using a different key on your phone would mean you could not decrypt emails intended for your Desktop?

My understanding was that you can associate a key with your email address, does this just mean you would have two keys associated, one for "me@me.com Desktop" and one for "me@me.com Phone"?

You can encrypt messages to more than one key. You have to be pretty fussy to begin with to even have this concern.