Linux Users' Group of Davis (LUGOD)
 
Page last updated:
2005 Jan 19 03:28

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.


Re: [vox] PGP question: Multiple Machines



On Tue, 18 Jan 2005 08:57:17 -0800 (PST)
"Richard S. Crawford" <rscrawford@mossroot.com> wrote:

> I started playing with PGP over the weekend, and I'm having fun using
> KMail at home to sign my e-mail and encrypt documents and generally
> have a good time.
> 
> But since I use at least three different computers to access and send
> e-mail and documents -- my FC3 desktop, my WinXP/FC3 laptop, and my
> Win2K desktop at work -- how would I address the issue of signing
> e-mails when my secret key is only on one of those three machines? 
> Would I use a different key?  I certainly don't feel comfortable
> copying the secret key from one computer to another, even over SSH,
> since that feels like defeating the purpose to me.
> 
> ...Or am I missing something fundamental about how all this works?
> 
> (Obviously, since this e-mail is sent via Squirrelmail from my desktop
> at work, it's not signed.)

I store my entire home directory in Subversion. (I'll be talking about
this at our Feb 21st meeting). I store my gpg secret key in the .hide
directory of my subversion repository, which I only ever check out by
ssh, and only to trusted computers (i.e. my desktop where the repository
lives, and my laptop when I know I won't be moving the laptop for a
while). 

In reality, I have configured my email such that when I want to
send an email, I ssh into my computer and use mutt there, and even when
I checked out my GPG key to my laptop, it's only there because it comes
along for the ride with the various other secret stuff in .hide (e.g.
the jpilot keyring database).

I'm not sure whether this is good security policy though.

--Ken Bloom

-- 
I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.

Attachment: pgp00008.pgp
Description: PGP signature

_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox

