Skip to content

PGP Private Key

Service Name: Pretty Good Privacy (PGP)

Service Description: PGP is an encryption program that provides cryptographic privacy and authentication for data communication. It is used for signing, encrypting, and decrypting texts, emails, files, directories, and whole disk partitions.

Service Address: Various implementations including GnuPG and OpenPGP

Validation Type: NHI Enriched

IP Allow list: Does not exist

Secret Access Scope: Grants ability to decrypt messages encrypted with the corresponding public key and to digitally sign messages that can be verified with the corresponding public key.

Secret Revokement URL: https://www.gnupg.org/gph/en/manual/c14.html

Secret Example:

-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)
...
-----END PGP PRIVATE KEY BLOCK-----

Suspicious Activity Investigation Instructions:

  • Check for unauthorized access to systems where the private key is stored.
  • Review logs for unexpected decryption or signing operations.
  • Monitor for data exfiltration that might include the private key.
  • Verify if any encrypted communications have been compromised.
  • Check for unauthorized certificate creation or key usage.

Mitigation Instructions:

  • Generate a new key pair immediately.
  • Revoke the compromised key by publishing a revocation certificate.
  • Update the key on all keyservers where it was published.
  • Notify all contacts who use your public key about the compromise.
  • Update all services and applications to use the new key pair.
  • Review and strengthen access controls to private key storage.
  • Consider using hardware security modules (HSMs) for key storage.
  • Implement stronger passphrase protection for the new private key.