How do you verify that the GPG encryption uses strong algorithms and that only the intended key IDs are authorized for decrypting passphrase files? #1

@silverfisk

How do you verify that the GPG encryption uses strong algorithms and that only the intended key IDs are authorized for decrypting passphrase files?

Analysis:

  • Key ID Authorization: The application correctly uses the --recipient flag in its gpg command within the FileKeyStore.set method. This ensures that GPG encrypts the passphrase file for a specific recipient's public key, and only the corresponding private key (identified by config.gpg_recipient) can decrypt it. This is the correct approach for authorizing specific keys.

  • Algorithm Strength: The application does not enforce the use of strong cryptographic algorithms. The gpg command in FileKeyStore.set lacks parameters to specify the cipher, digest, or compression algorithms. It therefore falls back to the user's system-wide or user-specific GPG configuration (gpg.conf). If these defaults are weak or outdated (e.g., 3DES, SHA-1, CAST5), the passphrase files will be encrypted with weak protection, even if the GPG key itself is strong.

Recommendations:

  1. Enforce Strong Algorithms: Modify the gpg command in FileKeyStore.set to explicitly specify strong, modern algorithms. This removes reliance on system defaults and guarantees a secure baseline.

    # In luks_keeper/keys.py, class FileKeyStore, method set()
    # (requires "import subprocess" at the top of the module)
    subprocess.run(
        [
            "gpg", "--batch", "--yes",
            "--cipher-algo", "AES256",    # Enforce AES256
            "--digest-algo", "SHA256",    # Enforce SHA256
            "--encrypt", "--recipient", self.recipient,
            "--output", path
        ],
        input=plaintext.encode(),
        check=True
    )

  2. Make Algorithms Configurable: For better flexibility, define the recommended algorithms as defaults in luks_keeper/config.py and allow users to override them if necessary.
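
One way to verify an existing passphrase file against both points, added here as an example and not taken from luks_keeper: decrypt it with `gpg --batch --status-fd 1 --decrypt FILE` and check the ENC_TO and DECRYPTION_INFO status lines that GnuPG emits. The function name, the AES256-only policy and the sample key IDs are assumptions made for this example.

```python
# Added example: audit `gpg --status-fd` output for recipients and cipher.
# OpenPGP symmetric-cipher IDs (RFC 4880, section 9.2).
SYM_ALGOS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH",
             7: "AES128", 8: "AES192", 9: "AES256", 10: "TWOFISH"}
STRONG_CIPHERS = {"AES256"}  # assumed policy, matching the recommendation

def audit_status(status_text, allowed_keyids, strong=STRONG_CIPHERS):
    """Return policy findings for one decryption; an empty list means pass."""
    allowed = {k.upper() for k in allowed_keyids}
    recipients, info = [], None
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "[GNUPG:]":
            continue
        if parts[1] == "ENC_TO":  # ENC_TO <long_keyid> <keytype> <keylength>
            recipients.append(parts[2].upper())
        elif parts[1] == "DECRYPTION_INFO" and len(parts) >= 4:
            # DECRYPTION_INFO <mdc_method> <sym_algo> [<aead_algo>]
            aead = int(parts[4]) if len(parts) > 4 else 0
            info = (int(parts[2]), int(parts[3]), aead)
    findings = []
    if not recipients:
        findings.append("no ENC_TO line: file is not public-key encrypted")
    for keyid in recipients:
        if keyid not in allowed:
            findings.append(f"unexpected recipient {keyid}")
    if info is None:
        findings.append("no DECRYPTION_INFO line: cipher could not be checked")
    else:
        mdc, sym, aead = info
        name = SYM_ALGOS.get(sym, f"algo-{sym}")
        if name not in strong:
            findings.append(f"cipher {name} is not in the allowed set")
        if mdc == 0 and aead == 0:
            findings.append("no integrity protection (no MDC or AEAD)")
    return findings

# Constructed status output; the key IDs are made up for this example.
GOOD_STATUS = """[GNUPG:] ENC_TO 1111222233334444 1 0
[GNUPG:] DECRYPTION_INFO 2 9 0
[GNUPG:] DECRYPTION_OKAY
"""
BAD_STATUS = """[GNUPG:] ENC_TO 1111222233334444 1 0
[GNUPG:] ENC_TO AAAABBBBCCCCDDDD 1 0
[GNUPG:] DECRYPTION_INFO 0 3
[GNUPG:] DECRYPTION_OKAY
"""

if __name__ == "__main__":
    for label, text in (("good", GOOD_STATUS), ("bad", BAD_STATUS)):
        print(label, audit_status(text, {"1111222233334444"}))
```

The cipher is only reported during decryption, so this check has to run where the private key is available; the ENC_TO lines alone can be obtained without it.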
