[vox] PGP question: Multiple Machines

Ken Bloom kabloom at ucdavis.edu
Tue Jan 18 09:32:34 PST 2005


On Tue, 18 Jan 2005 08:57:17 -0800 (PST)
"Richard S. Crawford" <rscrawford at mossroot.com> wrote:

> I started playing with PGP over the weekend, and I'm having fun using
> KMail at home to sign my e-mail and encrypt documents and generally
> have a good time.
> 
> But since I use at least three different computers to access and send
> e-mail and documents -- my FC3 desktop, my WinXP/FC3 laptop, and my
> Win2K desktop at work -- how would I address the issue of signing
> e-mails when my secret key is only on one of those three machines? 
> Would I use a different key?  I certainly don't feel comfortable
> copying the secret key from one computer to another, even over SSH,
> since that feels like defeating the purpose to me.
> 
> ...Or am I missing something fundamental about how all this works?
> 
> (Obviously, since this e-mail is sent via Squirrelmail from my desktop
> at work, it's not signed.)

I store my entire home directory in Subversion. (I'll be talking about
this at our Feb 21st meeting). I store my gpg secret key in the .hide
directory of my Subversion repository, which I only ever check out by
ssh, and only to trusted computers (i.e. my desktop where the repository
lives, and my laptop when I know I won't be moving the laptop for a
while). 

In reality, I have configured my email such that when I want to
send an email, I ssh into my computer and use mutt there, and even when
I checked out my GPG key to my laptop, it's only there because it comes
along for the ride with the various other secret stuff in .hide (e.g.
the jpilot keyring database).

I'm not sure whether this is good security policy though.

--Ken Bloom

-- 
I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.