[vox] PGP question: Multiple Machines
Ken Bloom
kabloom at ucdavis.edu
Wed Jan 19 09:01:09 PST 2005
On Wed, 19 Jan 2005 03:28:43 -0800
"Karsten M. Self" <kmself at ix.netcom.com> wrote:
> on Tue, Jan 18, 2005 at 08:57:17AM -0800, Richard S. Crawford
> (rscrawford at mossroot.com) wrote:
> > I started playing with PGP over the weekend, and I'm having fun
> > using KMail at home to sign my e-mail and encrypt documents and
> > generally have a good time.
> >
> > But since I use at least three different computers to access and
> > send e-mail and documents -- my FC3 desktop, my WinXP/FC3 laptop,
> > and my Win2K desktop at work -- how would I address the issue of
> > signing e-mails when my secret key is only on one of those three
> > machines? Would I use a different key? I certainly don't feel
> > comfortable copying the secret key from one computer to another,
> > even over SSH, since that feels like defeating the purpose to me.
> >
> > ...Or am I missing something fundamental about how all this works?
> >
> > (Obviously, since this e-mail is sent via Squirrelmail from my
> > desktop at work, it's not signed.)
>
> My own preferred option is to have a remotely accessible shell account
> with which I can access email and signing keys. Not always possible,
> and yes, this has its own disadvantages (do you trust the link between
> yourself and the remote host for your passphrase?).
>
> Another option is signing subkeys.
>
>
> Note that this only works for _signing_ outbound email. Reading
> encrypted email requires you have the key the sending party used.
>
> However, you can generate subkeys of your own signature which _you_
> can use to _send_ signed mail from various hosts.
>
> More on this:
>
> http://fortytwo.ch/gpg/subkeys
>
> ...or Google around.
>
> Haven't used it myself. Might make a neat talk topic ;-)
So that's why subkeys.pgp.net has that name -- because it's the set of
all keyservers that can handle the (newer) subkey features of GPG.
--Ken Bloom
--
I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://ns1.livepenguin.com/pipermail/vox/attachments/20050119/748614a3/attachment.bin
More information about the vox
mailing list