Need way to clear out old cert/key metadata

I decided to try a little experiment, using Windows (rather than PGP) style certs and keys. Using Microsoft utilities makecert.exe and pvk2pfx.exe, I created a public/private keypair file called test2.pfx. I imported it into GPG4Win. It asked me a number of questions, including if I trusted the CA (certificate authority) which issued the certificate. The import was performed from within Kleopatra. After again using Kleopatra to delete the imported public/private keypair, and importing the same pfx file again, it no longer asked me if I trusted the CA. It kept the same settings as before. Even after closing Kleopatra and reopening it and repeating the experiment of deleting and re-importing the pfx file, it still seemed to remember my trust setting (trusted or untrusted) for the CA that issued it (which of course is myself). It never asked me again, until I went into the “C:\Users\MyName\AppData\Roaming\gnupg” folder and manually deleted the metadata which described the per-certificate trust settings. Since I didn’t know which file held the metadata in question, I just deleted all the files in the folder (which of course caused me to lose all keys in GPG4Win, including ones I wanted to keep).

Now you guys need to add a feature in the Kleopatra GUI (or in GPG4Win itself if it doesn’t currently support this) to completely expunge all metadata associated with a particular key or certificate when you delete that key or certificate. Not sure if this problem also exists with PGP keys/certs or only when handling Windows keys/certs, but it should be possible to wipe all traces of either a given PGP or a given Windows public or private key from within the GPG4Win system, when you delete that key or certificate from within Kleopatra.

Otherwise it clearly leaks info about what you’ve done in the past with the GPG4Win software. When you delete something, and references to it remain in other files, that’s a potential security hazard. An adversary could potentially use this information to their advantage.

Hi,

Secure deletion of traces has to be handled at the level of the operating system
and thus is out of scope for Gpg4win itself. The reason is that a user-space application cannot make safe assumptions about the hardware (are we running in a virtual machine?) or about how the different storages (hard drive, memory, network drive, SSD?) are handled.

As for the CMS key handling you have tried: we know that this is quite hard to configure, see
https://wiki.gnupg.org/X.509 For several reasons, using S/MIME and X.509 PKIX requires an experienced administrator to make the necessary decisions. Once configured it runs fine, if you accept the drawbacks of the hierarchical trust model. Most of our work on making end-to-end encryption more usable has been focused on OpenPGP and OpenPGP/MIME, aiming for automated encryption.

Best Regards,
Bernhard

When I delete a certificate from Windows certificate store, it is completely removed. Windows doesn’t even remember it was there. When you import the certificate again, Windows acts like it’s seeing it for the first time.

When I delete a Windows-type certificate from the GPG4Win certificate store, it is not completely removed. GPG4Win remembers it was there. When you import the certificate again, GPG4Win doesn’t ask all of the security questions (like asking you to verify its fingerprint, as it does when the certificate is imported for the very first time).

I would like to see GPG4Win, handle Windows-type certificates and keys in the same way Windows currently handles them, for the sake of convenience, if nothing else.

We enabled the allow-mark-trusted option by default on popular demand. You can disable it again, if you like.

I’m quite certain that traces of a certificate can be found on a Windows machine after removal, when you go looking as part of forensics.

:-)
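The per-CA trust decision that survived the delete/re-import cycle described in the first post is not kept in the certificate store (the keybox) but in gpg-agent's trustlist.txt inside the GnuPG home directory (C:\Users\MyName\AppData\Roaming\gnupg on Windows), one fingerprint per line, optionally prefixed with "!" for a CA that was explicitly rejected. The following is an added example (my own script, not Gpg4win's or Kleopatra's code and not posted by anyone in this thread) that removes just that one CA's entry instead of wiping the whole folder, and that also shows the gpg-agent.conf edit for turning the allow-mark-trusted default mentioned in the reply above back off. The trustlist content and the fingerprints in it are constructed for this example; the file layout, the "!" prefix, the include-default line and the gpgconf commands are the documented ones. Note that this only resets the trust decision so gpg-agent asks again on the next import; it does not address the forensic traces of a deleted certificate, which, as the maintainer says, is an operating-system matter.

```python
"""Forget a CA's trust decision in gpg-agent's trustlist.txt.

Added example, not Gpg4win's own code. Assumes the documented trustlist.txt
format: one fingerprint per line followed by flags such as S (S/MIME),
P (OpenPGP) or *, optionally 'relax'; a leading '!' marks a rejected CA;
'#' starts a comment; 'include-default' pulls in the system list.
"""
import os
import re
import subprocess
from pathlib import Path
from typing import Optional, Tuple

# Constructed sample file; the fingerprints are made up for this example.
SAMPLE_TRUSTLIST = """\
# This is the list of trusted keys.  Comment lines are ignored.
include-default

# Test CA created with makecert.exe, accepted once via Kleopatra
A1B2C3D4E5F60718293A4B5C6D7E8F9011223344 S

# A CA the user explicitly rejected when asked
!FFEEDDCCBBAA99887766554433221100AABBCCDD S relax
"""


def normalize_fpr(fpr: str) -> str:
    """Kleopatra shows fingerprints with spaces or colons; the file uses bare upper-case hex."""
    return re.sub(r"[^0-9A-Fa-f]", "", fpr).upper()


def strip_trust_entry(trustlist_text: str, fingerprint: str) -> Tuple[str, int]:
    """Return (new file text, number of entries removed) for one CA fingerprint.

    Both the accepted form (bare fingerprint) and the rejected form ('!' prefix)
    are dropped so gpg-agent has no memory of the decision either way.
    Comments, blank lines and every other entry are kept byte-for-byte.
    """
    target = normalize_fpr(fingerprint)
    kept, removed = [], 0
    for line in trustlist_text.splitlines(keepends=True):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            kept.append(line)
            continue
        entry = stripped.lstrip("!").split()[0]  # first token is the fingerprint (or a directive)
        if normalize_fpr(entry) == target:
            removed += 1
            continue
        kept.append(line)
    return "".join(kept), removed


def disable_mark_trusted(conf_text: str) -> str:
    """Rewrite gpg-agent.conf text so Kleopatra can no longer add CAs to the trustlist.

    'no-allow-mark-trusted' is the documented negation of 'allow-mark-trusted',
    which the reply above says Gpg4win now enables by default.
    """
    lines = [ln for ln in conf_text.splitlines() if ln.strip() != "allow-mark-trusted"]
    if "no-allow-mark-trusted" not in (ln.strip() for ln in lines):
        lines.append("no-allow-mark-trusted")
    return "\n".join(lines) + "\n"


def gnupg_home() -> Path:
    """GNUPGHOME if set, otherwise the platform default GnuPG directory."""
    env = os.environ.get("GNUPGHOME")
    if env:
        return Path(env)
    if os.name == "nt":
        return Path(os.environ["APPDATA"]) / "gnupg"  # C:\Users\<name>\AppData\Roaming\gnupg
    return Path.home() / ".gnupg"


def forget_ca(fingerprint: str, home: Optional[Path] = None) -> int:
    """Remove the CA's trustlist entry on disk and make the running agent re-read the file."""
    path = (home or gnupg_home()) / "trustlist.txt"
    if not path.exists():
        return 0
    new_text, removed = strip_trust_entry(path.read_text(encoding="utf-8"), fingerprint)
    if removed:
        path.write_text(new_text, encoding="utf-8")
        # gpg-agent caches the trustlist; RELOADAGENT makes it re-read trustlist.txt.
        subprocess.run(["gpgconf", "--reload", "gpg-agent"], check=False)
    return removed


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 2:
        sys.exit("usage: forget_ca.py <CA fingerprint as shown by Kleopatra>")
    print(f"removed {forget_ca(sys.argv[1])} trustlist entries from {gnupg_home()}")
```

Run it with the fingerprint Kleopatra displays for the issuing CA (spaces and colons are fine); after the reload the next import of the same .pfx triggers the CA trust question again. To stop the question from being offered at all, write the output of disable_mark_trusted() back to gpg-agent.conf in the same directory and reload the agent the same way.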