Protecting signing key
alphasigmax at gmail.com
Tue Aug 2 10:32:45 CEST 2005
-----BEGIN PGP SIGNED MESSAGE-----
S K wrote:
> I plan to make myself a signing key and keep it
> offline and as securely as possible.
Well, you could try Tinfoil Hat Linux (http://tinfoilhat.shmoo.com/)...
run it on a computer with an LCD screen (laptops are best) - in a
steel-and-concrete strongroom (complete with Faraday cage) - that has
never been connected to a network. Remove all hard drives for good measure.
Or, you could store you signing key on a CD-R in a safe deposit box 3
hours drive from your house, with the passphrase stored in another safe
deposit box 3 hours drive the other way from your house.
Or, you could just make damn sure you are the only one with access to
the computer... with a GOOD passphrase on it.
In some ways worse (and by far more common) is not theft of the private
key, but losing it completely. Make sure you have both a backup of it
and a revocation certificate.
As for the encrypted file systems... Windows supports whole disk
encryption in various forms as well.
Alphax | /"\
Encrypted Email Preferred | \ / ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613 | X Against HTML email & vCards
http://tinyurl.com/cc9up | / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Gnupg-users