Remote signing

[Stuart A Yeates]

Dave Symonds wrote:
> I have a slightly unusual setup that I would like to use GnuPG in, and wanted
> to ask for some guidance. At my Uni we have a Sun machine that runs all the
> mail stuff, and where I mostly prefer to do all my mail reading/composing from.
> However, I don't want to entrust my GPG private key(s) to that system, and
> would prefer to keep them on my laptop (or a USB key). What my ideal setup
> would be is for my mailer (mutt) running on the mail server to call out to
> a little script that would connect securely (via ssh) to my laptop, on which
> would pop up a window showing the message and prompting for the passphrase to
> sign that message (encryption isn't so important at the moment). The signed
> message would be sent back, and then emailed out.

If the Sun is hacked, an attacker can (potentially) see every password 
you type.

You almost certainly want two passwords, first for the ssh connection 
and second for the gpg.

What I've seen other people do is use two keys one for home and one for 
work/school. It seems to work pretty well, you can sign them with each 
other and take both to keysegning parties.

cheers
stuart

-- 
Stuart Yeates            stuart.yeates at computing-services.oxford.ac.uk
OSS Watch                                  http://www.oss-watch.ac.uk/
Oxford Text Archive                             http://ota.ahds.ac.uk/
Humbul Humanities Hub                         http://www.humbul.ac.uk/