For security(a)archlinux.org the Security Team wants to set up a way for
reporters to securely mail encrypted issues to our email address. To
limit the bus factor we want to send those emails to multiple receivers
and then handle and/or forward the information appropriately. Schleuder
provides a solution to this issue by decrypting the sent email and
re-encrypting it to the Arch Security team members.
Since this requires a GPG key to be on the server, we want to implement
this securely and hook up a Nitrokey Pro 2 to a separate Hetzner
dedicated server. This server serves the sole purpose of hosting the
security mail address. Installing by Hetzner costs 18 euros (excl.
VAT).
Options:
* Cheapest Hetzner server 34 euro / month and 40 euro setup fees.
* Hetzner auction server ~ 25 / month and no setup fees.
* Different dedicated server hoster which allows custom usb devices.
Benefits:
* Key can’t be recovered by an attacker who has access to the server.
* Receivers don’t need a shared private key but only their own.
* Separate server so no other software can influence/impact.
Downsides:
* Nitrokey is out of our control, but we trust Hetzner already (i.e. they
could easily hook up a malicious USB/BMC device already and gain root
privileges).
* Server dies, the Nitrokey has to be moved to the new server.
Questions:
* How to update the key, handle key expiration?
* Do we back up the key? Let someone have a separate Nitrokey?
Setup:
* Levente (anthraxx) volunteered to acquire, set up key (+revocation) and
get it to Hetzner.
--
Jelle van der Waa