[vox] PGP question: Multiple Machines

Karsten M. Self kmself at ix.netcom.com
Wed Jan 19 03:28:43 PST 2005


on Tue, Jan 18, 2005 at 08:57:17AM -0800, Richard S. Crawford (rscrawford at mossroot.com) wrote:
> I started playing with PGP over the weekend, and I'm having fun using
> KMail at home to sign my e-mail and encrypt documents and generally
> have a good time.
> 
> But since I use at least three different computers to access and send
> e-mail and documents -- my FC3 desktop, my WinXP/FC3 laptop, and my
> Win2K desktop at work -- how would I address the issue of signing
> e-mails when my secret key is only on one of those three machines?
> Would I use a different key?  I certainly don't feel comfortable
> copying the secret key from one computer to another, even over SSH,
> since that feels like defeating the purpose to me.
> 
> ...Or am I missing something fundamental about how all this works?
> 
> (Obviously, since this e-mail is sent via Squirrelmail from my desktop at
> work, it's not signed.)

My own preferred option is to have a remotely accessible shell account
with which I can access email and signing keys.  Not always possible,
and yes, this has its own disadvantages (do you trust the link between
yourself and the remote host for your passphrase?).

Another option is signing subkeys.


Note that this only works for _signing_ outbound email.  Reading
encrypted email requires you have the key the sending party used.  

However, you can generate subkeys of your own signature which _you_ can
use to _send_ signed mail from various hosts.

More on this:

    http://fortytwo.ch/gpg/subkeys

...or Google around.

Haven't used it myself.  Might make a neat talk topic ;-)


Peace.

-- 
Karsten M. Self <kmself at ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    I've got my country's 500th anniversary to plan, my wedding to arrange,
    my wife to murder, and Gilder to frame for it. I'm swamped!
    - Princess Bride
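
The signing-subkey option mentioned in the reply above, as an added example that is not part of the original post and not its author's code: a primary key stays on one machine while a second machine receives only a signing subkey. The two throwaway GnuPG home directories ("desktop" and "laptop"), the identity and the helper names `g` and `subkey_demo` are assumptions made for the demo, and it needs GnuPG 2.1 or later.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Uses two throwaway GnuPG homes,
# "desktop" and "laptop", and a constructed identity. Needs GnuPG 2.1 or later.

# Run gpg against one home directory, unattended, with an empty passphrase
# (demo only; protect real keys with a passphrase).
g() { local home=$1; shift
      gpg --homedir "$home" --batch --quiet --pinentry-mode loopback \
          --passphrase '' "$@"; }

subkey_demo() {
  local work desk lap fpr stub rc=1
  work=$(mktemp -d) || return 1
  desk=$work/desktop; lap=$work/laptop
  mkdir -m 700 "$desk" "$lap"

  # Desktop: certify-only primary key, plus a signing subkey valid for 1 year.
  g "$desk" --quick-generate-key 'Demo User <demo@example.invalid>' ed25519 cert never &&
  fpr=$(g "$desk" --list-keys --with-colons | awk -F: '$1=="fpr"{print $10; exit}') &&
  g "$desk" --quick-add-key "$fpr" ed25519 sign 1y &&
  # Export the secret subkeys only; the primary secret key stays on the desktop.
  g "$desk" --export-secret-subkeys "$fpr" > "$work/subkeys.gpg" &&
  # Laptop: import the subkey bundle and sign a message with it.
  g "$lap" --import "$work/subkeys.gpg" &&
  echo 'signed from the laptop' | g "$lap" --clearsign > "$work/msg.asc" &&
  # Field 15 of the "sec" record is "#" when the primary secret key is absent.
  stub=$(g "$lap" --list-secret-keys --with-colons | awk -F: '$1=="sec"{print $15; exit}') &&
  [ "$stub" = "#" ] &&
  # Desktop holds the full public key and checks the laptop's signature.
  g "$desk" --verify "$work/msg.asc" 2>/dev/null &&
  rc=0

  # Stop the per-home agents and remove the throwaway keyrings.
  gpgconf --homedir "$desk" --kill gpg-agent; gpgconf --homedir "$lap" --kill gpg-agent
  rm -rf "$work"
  return $rc
}
```

Calling `subkey_demo` returns 0 only when the laptop keyring lacks the primary secret key and the desktop accepts the laptop's signature. As the reply notes, this covers signing only; decrypting mail still requires the key the sender encrypted to.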