Remote signing

Dave Symonds dasymond at it.usyd.edu.au
Tue Apr 20 14:10:05 CEST 2004


On Tue, Apr 20, 2004 at 10:56:04AM +0100, Stuart A Yeates wrote:
> Let me see if I've understood you correctly:

I think you have it slightly backwards...

> You have a Sun which does all your normal mail handling, and at 
> whose console you do your computing. You have another laptop 
> connected to the Sun via a public network which has your secret key. 
> When you wish to use your public keys you use ssh to start a bash shell 
> (or similar) on the laptop, transfer your data, perform your operation 
> and transfer your data back. Possibly you have a script to automate some 
> of these connection/transfer/operation/transfer steps.

The Sun does all the normal mail handling, but there is no console that I
use to access it directly (only via ssh).  The ssh connection from my laptop
to the Sun is the only true TCP connection (made easier with an ssh keypair,
private key on laptop). Other things can be tunnelled through the ssh
connection.

> If the Sun is compromised, then your ssh connection and password is 
> compromised. If your ssh password is compromised then an attacker can 
> use it to connect to the laptop and get your secret key. If the secret 
> key has no passphrase, then the attacker has all they need.

If the Sun machine is compromised, then I can see nothing compromised. They
can, of course, send mail as "me", but it won't be GPG signed. The GPG private
key is stored on my laptop (with a passphrase), but is never sent over the ssh
tunnel. When signing needs to occur the MUA will call out to some program or
script that will use the ssh tunnel to send the email message back to the
laptop, on which it will be displayed for checking. GPG signing takes place
on the laptop, and the signed message is returned to the MUA.


Dave.

-- 
David Symonds
USyd::SITRG::PhD Student
http://www.it.usyd.edu.au/~dasymond/
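
The signing round trip described in the message above, sketched as an added example (not code from the original post or from GnuPG). Assumptions: Python on both machines, the function names, port 8899, a remote forward opened from the laptop such as `ssh -R 8899:127.0.0.1:8899 user@sun`, and end-of-message signalled by the sender half-closing the socket.

```python
import socket
import subprocess

def gpg_clearsign(message: bytes) -> bytes:
    """Runs on the laptop; gpg prompts for the passphrase locally."""
    return subprocess.run(["gpg", "--clearsign"], input=message,
                          capture_output=True, check=True).stdout

def ask_user(message: bytes) -> bool:
    """Display exactly what would be signed; control characters are masked."""
    text = message.decode("utf-8", "replace")
    print("".join(c if c.isprintable() or c in "\n\t" else "?" for c in text))
    return input("Sign this message? [y/N] ").strip().lower() == "y"

def recv_all(conn: socket.socket) -> bytes:
    """Read until the peer half-closes its side of the connection."""
    chunks = []
    while chunk := conn.recv(65536):
        chunks.append(chunk)
    return b"".join(chunks)

def make_listener(port: int = 0) -> socket.socket:
    """Loopback only, so the ssh-forwarded port is the sole way in."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", port))
    listener.listen(1)
    return listener

def serve_once(listener, confirm=ask_user, sign=gpg_clearsign) -> bool:
    """Laptop side: handle one request; True if a signature was returned."""
    conn, _ = listener.accept()
    with conn:
        message = recv_all(conn)
        approved = bool(message) and confirm(message)
        conn.sendall(sign(message) if approved else b"")  # empty = refused
        return approved

def request_signature(message: bytes, port: int) -> bytes:
    """Sun side, called by the MUA hook; an empty reply means refused."""
    with socket.create_connection(("127.0.0.1", port)) as conn:
        conn.sendall(message)
        conn.shutdown(socket.SHUT_WR)   # tell the laptop the message is complete
        return recv_all(conn)

if __name__ == "__main__":              # laptop side; 8899 is an assumed port
    with make_listener(8899) as listener:
        while True:
            serve_once(listener)
```

Any local process on the Sun can reach the forwarded port, so the confirmation prompt on the laptop is what keeps a compromised Sun from obtaining signatures on text the key owner never saw.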


