opie or s/key with gpg?

David Shaw dshaw@jabberwocky.com
Tue Oct 7 14:38:01 CEST 2003



On Tue, Oct 07, 2003 at 12:26:20AM -0700, Atom 'Smasher' wrote:
> does anyone know if there's (yet) any way to use opie or s/key to unlock
> one's secret gpg key? if done right, this could greatly reduce
> (eliminate?) the possibility of having one's password sniffed, either on a
> network or from the keyboard.....

It is theoretically possible (I've thought about it for certain uses),
but it does not do what one might think it does.  One-time passwords
pretty much require that the item being protected be under the control
of the machine that runs the OTP system.  The process that
authenticates the OTP can then grant access to the protected item, in
this case the secret key.  It comes down to the OTP process needing
access either to the unprotected key or to the passphrase.

This isn't a fatal flaw (after all, the gpg agent holds the same
information in memory), but it does change the circumstances where
such a setup would be useful.  Since most people want such a thing for
accessing their keys remotely, the requirement that their remote
machine must remain completely secure usually makes them reconsider.

David
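An added illustration of David's point, not code from the thread or from GnuPG, OPIE or S/Key: an S/Key-style hash-chain verifier that releases a protected secret on a valid one-time password. The verifier only works because it already holds the passphrase in the clear, so the machine running it must be trusted. Names (`OtpKeyGate`, `demo`) and the sample seed and passphrase are constructed for the example, and SHA-256 stands in for the hash used by real S/Key and OPIE.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    # One step of the hash chain (SHA-256 here, for illustration only).
    return hashlib.sha256(data).digest()


def chain(seed: bytes, n: int) -> bytes:
    # h applied n times to the seed: h^n(seed).
    for _ in range(n):
        seed = h(seed)
    return seed


class OtpKeyGate:
    """Hypothetical OTP verifier that hands out a protected secret.

    last_accepted is h^n(seed); a client proves knowledge of the seed by
    sending h^(n-1)(seed), and the verifier then moves one step down the
    chain, so the value just used can never be replayed. The passphrase is
    stored in plain form, which is exactly the trust requirement discussed above.
    """

    def __init__(self, last_accepted: bytes, protected: bytes):
        self.last_accepted = last_accepted
        self.protected = protected  # e.g. the gpg passphrase, in the clear

    def unlock(self, candidate: bytes):
        # Valid only if one more hash step reproduces the last accepted value.
        if not hmac.compare_digest(h(candidate), self.last_accepted):
            return None
        self.last_accepted = candidate  # advance the chain; replay now fails
        return self.protected


def demo():
    seed = b"constructed-demo-seed"  # constructed; a real client picks a random seed
    n = 5
    gate = OtpKeyGate(chain(seed, n), b"hypothetical gpg passphrase")
    first = gate.unlock(chain(seed, n - 1))   # valid OTP: secret released
    replay = gate.unlock(chain(seed, n - 1))  # same OTP again: rejected
    second = gate.unlock(chain(seed, n - 2))  # next OTP in the chain: released
    skipped = gate.unlock(chain(seed, n - 4)) # skipping a step: rejected
    return first, replay, second, skipped
```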
More information about the Gnupg-users mailing list