different keys for different machine?
Aaron P. Martinez
Tue Jan 28 21:46:01 2003
Wow, this is way more in depth than i was hoping for...
Ok...lets say, for security sake..that i really only need one, no lets
say two..one linux and one window's box to send email from..I use an
imap server so i often connect to the server from one of the two
machines. The rest of the machines are server machines. My network is
set up as such.....
internet gateway/firewall/router----int. router/samba/fw/---internal net
(ascii art---not my forte)
The internal net is where my email boxes are of course. on the dmz
currently i have one maching doing most work...SMTP, IMAP, HTTP, SSH,
WEBMAIL, the ohter machine is just a haylafax server. and then there is
my internal router/firewall/samba server. I'm not sure this clears it
up..but it sounds like what the best thing in this situation to do is
share the key on my two workstation machines..(can i share the key on a
windows and linux box?) and then create a seperate key for each of the
other machines for encryption purposes? I suspect that for the main dmz
machine, i should actually get a key through a CA so i don't get the
dreaded "untrusted key" or worse yet, my customers?
Hope this clears it up..and thanks for the quick responses.
On Tue, 2003-01-28 at 12:57, Thomas Arend wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Am Dienstag, 28. Januar 2003 17:16 schrieb Aaron P. Martinez:
> > I was generating a key the other day and then on a different machine, i
> > wanted to do it again..well, then i realized that i was going to have
> > the same name associated with different keys. I have about 4 machines
> > that i will need to do this on. Should i simply move my key pair to all
> > of my machines or make new one's on each machine?
> > Thanks in advance,
> > aaron martinez
> You should copy your key-ring or export / import your secret key if you want
> to be able to decrypt all your mail on every maschine.
> On linux on an network it's quite easy
> user1@maschine1:~> ssh -l user2 maschine2 gpg --export-secret-key | gpg
> - --import
> Or you can share you secret-key-ring via nfs
> Best regards
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> -----END PGP SIGNATURE-----
> Gnupg-users mailing list