How should I import a private key?


#1

My private key can be displayed as a note on LastPass, or in my browser.
Even with Premium, the note length is 1K characters, which is too small.

I don't really want to create a file with my private key, given the fact that some background process might duplicate the file elsewhere (like File History, backup, etc.), and/or the file could be recovered even after being deleted.

Any suggestions?
Thanks.


#2

Not sure where you're trying to export your private key from, but some services/apps ask you to enter a password to encrypt your private key when exporting it, and it will be useless unless someone has the right password to decrypt it.

Otherwise you could try setting up another drive (a 32GB or larger USB should suffice but may take a while, so I suggest an HDD or SSD) and install Qubes OS, Tails or Kali with a minimal amount of apps installed for your task. A fresh OS install should prevent any loggers from coming along, as long as there are no hardware loggers in your PC or rootkits in your BIOS. Then encrypt your entire drive with VeraCrypt or something else you trust, and modify the firewall settings so nothing can access the internet except for what you need. Now export your key; once it is finished, immediately disconnect from the internet. Then encrypt it with something else such as AxCrypt or Kleopatra. At this point, you can save the key somewhere other than the drive with your OS.

Shut down the computer and boot up again using your usual drive, keeping the drive you used to export the private key plugged in. Go to Disk Management for Windows 10, or the equivalent in other OSes, and choose to format the drive where you exported the private key. Since that drive already has full disk encryption, it will be almost impossible to recover. But if you want to be extra safe: if you used a hard drive, use another tool to overwrite it, such as Eraser; for SSDs and USBs, you will need a tool from the manufacturer to securely clear the encrypted data, which again is unnecessary. You could also physically destroy the drive after that if you really feel like it, probably use a hammer, then submerge the parts in HCl or other strong acids you can buy, then burn whatever is left with petrol.

But now you will have an encrypted private key ready, which you can back up to LastPass or Bitwarden (premium) to store.
While this is not entirely foolproof, it will be very hard for anyone to intercept your private key unless they are targeting you for a reason or are backed by government agencies.

Feel free to give suggestions on improvement to this concept.


#3

??? I can save my ASCII armored GPG private key in secure notes of Bitwarden just fine.

How many characters is your private key?


#4

I use something a bit less extreme than what you suggest: I use a RAM disk. It takes a minute to save the key in a file in a RAM disk, then I add it as an attachment to BW. Then resetting the files and deleting the RAM disk should leave nothing behind, I hope.


#5

Size is > 3000 characters for a 4K bits long key…


#6

I have a GPG key that is 7439 characters and it fits in an encrypted note fine.

3000 characters fits.


#7

I just tested, a key with 3 subkeys (all 4 keys RSA 4096 bit) comes out to 7432 characters and fits in the encrypted notes feature.