[vox] PGP question: Multiple Machines

Karsten M. Self kmself at ix.netcom.com
Sun Jan 23 13:03:23 PST 2005


on Wed, Jan 19, 2005 at 09:01:09AM -0800, Ken Bloom (kabloom at ucdavis.edu) wrote:
> On Wed, 19 Jan 2005 03:28:43 -0800
> "Karsten M. Self" <kmself at ix.netcom.com> wrote:
> 
> > on Tue, Jan 18, 2005 at 08:57:17AM -0800, Richard S. Crawford
> > (rscrawford at mossroot.com) wrote:
> > > I started playing with PGP over the weekend, and I'm having fun
> > > using KMail at home to sign my e-mail and encrypt documents and
> > > generally have a good time.
> > > 
> > > But since I use at least three different computers to access and
> > > send e-mail and documents -- my FC3 desktop, my WinXP/FC3 laptop,
> > > and my Win2K desktop at work -- how would I address the issue of
> > > signing e-mails when my secret key is only on one of those three
> > > machines? Would I use a different key?  I certainly don't feel
> > > comfortable copying the secret key from one computer to another,
> > > even over SSH, since that feels like defeating the purpose to me.
> > > 
> > > ...Or am I missing something fundamental about how all this works?
> > > 
> > > (Obviously, since this e-mail is sent via Squirrelmail from my
> > > desktop at work, it's not signed.)
> > 
> > My own preferred option is to have a remotely accessible shell account
> > with which I can access email and signing keys.  Not always possible,
> > and yes, this has its own disadvantages (do you trust the link between
> > yourself and the remote host for your passphrase?).
> > 
> > Another option is signing subkeys.
> > 
> > 
> > Note that this only works for _signing_ outbound email.  Reading
> > encrypted email requires you have the key the sending party used.  
> > 
> > However, you can generate subkeys of your own signature which _you_
> > can use to _send_ signed mail from various hosts.
> > 
> > More on this:
> > 
> >     http://fortytwo.ch/gpg/subkeys
> > 
> > ...or Google around.
> > 
> > Haven't used it myself.  Might make a neat talk topic ;-)
> 
> So that's why subkeys.pgp.net has that name -- because it's the set of
> all keyservers that can handle the (newer) subkey features of GPG.

Could be, not familiar with it.

But you raise a good point: not all PKI solutions can deal with
subkeys; the references above specifically mention some PGP versions.


Peace.

-- 
Karsten M. Self <kmself at ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    The support contract said RHEL 3.0 or better, so I installed Debian
    - Peter Samuelson
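
The signing-subkey arrangement suggested in the quoted reply, as an added example that is not part of the original thread: a certify-only primary key stays on one machine, and only a signing subkey is exported to a second keyring. It assumes GnuPG 2.1 or later; the identity, directory names and helper function names are constructed for the demo.

```shell
#!/bin/sh
# Added example: throwaway keyrings under a temp dir, constructed identity.
# Assumes GnuPG 2.1+ (quick-key commands, loopback pinentry, ed25519).

g() {  # g HOMEDIR ARGS...: gpg against one keyring, no prompts, empty passphrase
    _h=$1; shift
    gpg --homedir "$_h" --batch --quiet --pinentry-mode loopback --passphrase '' "$@"
}

make_laptop_keyring() {  # $1 = scratch directory
    uid='Demo User <demo@example.invalid>'
    mkdir -p "$1/main" "$1/laptop" && chmod 700 "$1/main" "$1/laptop"
    # Certify-only primary key: lives on the one trusted machine.
    g "$1/main" --quick-generate-key "$uid" ed25519 cert never
    fpr=$(g "$1/main" --with-colons --list-keys | awk -F: '$1=="fpr"{print $10; exit}')
    # Signing subkey with a one-year expiry, to bound the life of a copied key.
    g "$1/main" --quick-add-key "$fpr" ed25519 sign 1y
    # Export the secret *subkeys* only; the primary secret is replaced by a stub.
    g "$1/main" --output "$1/subkeys.gpg" --export-secret-subkeys "$fpr"
    g "$1/laptop" --import "$1/subkeys.gpg"
}

secret_marker() {  # $1 = homedir, $2 = sec|ssb; prints field 15: '+' present, '#' stub
    g "$1" --with-colons --list-secret-keys | awk -F: -v t="$2" '$1==t{print $15; exit}'
}

sign_and_verify() {  # sign on the "laptop", verify against the main keyring
    printf 'hello from the laptop\n' > "$1/msg.txt"
    g "$1/laptop" --output "$1/msg.asc" --clearsign "$1/msg.txt" &&
    g "$1/main" --verify "$1/msg.asc" 2>/dev/null
}

if [ "${1:-}" = "--demo" ]; then
    work=$(mktemp -d)
    make_laptop_keyring "$work"
    echo "laptop primary: $(secret_marker "$work/laptop" sec)  subkey: $(secret_marker "$work/laptop" ssb)"
    sign_and_verify "$work" && echo "signature made with the subkey verifies"
    rm -rf "$work"
fi
```

Run it with `--demo`. As the thread notes, this covers signing only: reading encrypted mail on the second machine still requires the key the sender encrypted to.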