different keys for different machine?

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Wed Jan 29 09:12:09 2003


On Tue, 2003-01-28 at 21:46, Aaron P. Martinez wrote:
> Wow, this is way more in depth than I was hoping for...
>
> Ok...let's say, for security sake..that I really only need one, no let's
> say two..one Linux and one Windows box to send email from..I use an
> imap server so I often connect to the server from one of the two
> machines.  The rest of the machines are server machines.  My network is
> set up as such.....
>
> internet gateway/firewall/router----int. router/samba/fw/---internal net
> 		|
> 		|
> 		|
>                DMZ
>
> (ascii art---not my forte)
>
> The internal net is where my email boxes are of course.  On the DMZ
> currently I have one machine doing most work...SMTP, IMAP, HTTP, SSH,
> WEBMAIL, the other machine is just a HylaFAX server.  And then there is
> my internal router/firewall/samba server.  I'm not sure this clears it
> up..but it sounds like what the best thing in this situation to do is
> share the key on my two workstation machines..(can I share the key on a
> Windows and Linux box?) and then create a separate key for each of the
> other machines for encryption purposes?

Ok, yes: if you think that both machines are safe enough for you, just
share the key. It's no problem to share keys between Windows and Linux.
There have been some problems in the past with new gpg versions and
older pgp versions, but if you use gpg on both, or recent versions of
both programs, there should be no problems.

I don't know why you want keys on the other machines at all. To transfer
data within the network, use ssh and all is ok. To encrypt files, have
your public key on the routers, so you can encrypt things you want to
send yourself. The only reason would be when you want to store encrypted
data - but then I would not have the secret key on the machines...

Hope you see what I mean.
cheers
-- vbi

-- 
Available for key signing in Zürich and Basel, Switzerland
                     (what's this? Look at http://fortytwo.ch/gpg/intro)

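The layout suggested in the reply above (only the public key on the servers, the secret key kept on the workstation), as an added example that is not part of the original message. Two throwaway GnuPG home directories stand in for the workstation and a DMZ server; the function name, the user ID `demo@example.invalid` and the file names are constructed, and GnuPG 2.1 or later is assumed.

```shell
# Added example (not from the original message). Two throwaway GnuPG home
# directories stand in for the workstation and a DMZ server; names are constructed.
demo_split_keys() {
    local tmp ws srv uid secret_count server_can_decrypt plain
    uid='demo@example.invalid'
    tmp=$(mktemp -d) || return 1
    ws="$tmp/workstation"; srv="$tmp/server"
    mkdir -m 700 "$ws" "$srv" || return 1

    # Workstation: create the key pair. The empty passphrase is acceptable only
    # because this key is discarded at the end of the demo.
    gpg --homedir "$ws" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "Demo User <$uid>" default default never \
        2>/dev/null || return 1

    # Only the PUBLIC key leaves the workstation and is imported on the server.
    gpg --homedir "$ws" --batch --armor --export "$uid" > "$tmp/pub.asc" || return 1
    gpg --homedir "$srv" --batch --quiet --import "$tmp/pub.asc" 2>/dev/null || return 1

    # Server: encrypt a file to that key. --trust-model always skips the
    # ownertrust check for this demo keyring.
    echo 'nightly report (constructed sample data)' > "$tmp/report.txt"
    gpg --homedir "$srv" --batch --quiet --trust-model always \
        --recipient "$uid" --output "$tmp/report.txt.gpg" \
        --encrypt "$tmp/report.txt" 2>/dev/null || return 1

    # Check 1: the server keyring holds no secret key.
    secret_count=$(gpg --homedir "$srv" --batch --with-colons \
        --list-secret-keys 2>/dev/null | grep -c '^sec' || true)

    # Check 2: the server cannot read back what it encrypted.
    if gpg --homedir "$srv" --batch --quiet --decrypt "$tmp/report.txt.gpg" \
        >/dev/null 2>&1; then server_can_decrypt=yes; else server_can_decrypt=no; fi

    # Workstation: the holder of the secret key decrypts the file.
    plain=$(gpg --homedir "$ws" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --decrypt "$tmp/report.txt.gpg" 2>/dev/null) || plain='<failed>'

    # Stop the per-homedir agents and remove the demo keyrings.
    gpgconf --homedir "$ws" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$srv" --kill gpg-agent 2>/dev/null || true
    rm -rf "$tmp"
    echo "secret_keys_on_server=$secret_count server_can_decrypt=$server_can_decrypt plaintext=$plain"
}
```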