Don't store your key on a flash drive! [was Re: GnuPG (GPG) Problem]

Jonathan Rockway jon at jrock.us
Sat Aug 19 19:54:06 CEST 2006


I would recommend that you don't do that.  What if you lose the drive? 
Then your private key is compromised.  Do you have a revocation
certificate in a safe location?  If not, you can't even tell anyone that
your private key has been compromised!  Not good!

The OpenPGP smartcard is a much safer option, since it will not give up
the private key (even if you have the password), and will lock itself
after 3 incorrect password attempts.  (And after 3 incorrect Admin PIN
attempts, it will destroy itself, which is pretty inconvenient for
someone trying to steal your key.)  Compare this to a pen drive that
will let anyone copy off the secret key and guess the passphrase on
their friendly local supercomputer cluster.

The other advantage is that if your card gets stolen, you *know* that
it's been stolen.  If you have your key lying around in your homedir
somewhere, someone could just make a copy of it, and you'd never know. 
With the OpenPGP card, if it's not in your hand, you can consider it stolen.

For $20, you can't go wrong.  Get an OpenPGP card and be happy :)

http://www.kernelconcepts.de/products/security-en.shtml

Regards,
Jonathan Rockway

Ismael Valladolid Torres wrote:
> John Clizbe wrote:
>   
>> Just copy the keyring files.
>>     
>
> I store my private keyring and a public keyring containing only my
> public key on a pendrive, then in your gpg.conf:
>
> keyring /path/to/pendrive/pubring.gpg
> secret-keyring /path/to/pendrive/secring.gpg
>
> Using several different computers it works like a charm.
>
> Cordially, Ismael
>   
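
An added example, not part of the original post or of GnuPG: a small Python check that reads gpg.conf text and flags `keyring` and `secret-keyring` directives that point at removable-media mount points, the setup quoted above. The mount prefixes, the severity labels and the sample configuration are assumptions constructed for illustration.

```python
import posixpath

# Assumption: common mount points for removable media; adjust per system.
REMOVABLE_PREFIXES = ("/media/", "/mnt/", "/run/media/", "/Volumes/")
KEYRING_OPTIONS = {"keyring", "secret-keyring"}

# Constructed sample gpg.conf, mirroring the directives quoted in the thread.
SAMPLE = """\
# constructed sample
no-greeting
keyring /media/usb0/pubring.gpg
secret-keyring /media/usb0/secring.gpg
#secret-keyring /mnt/old/secring.gpg
keyring /home/alice/.gnupg/pubring.gpg
"""


def keyring_directives(conf_text):
    """Yield (line_no, option, path) for keyring options in gpg.conf text."""
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in KEYRING_OPTIONS:
            yield line_no, parts[0], parts[1].strip()


def audit(conf_text, prefixes=REMOVABLE_PREFIXES):
    """Return findings for keyrings kept under a removable-media path."""
    findings = []
    for line_no, option, path in keyring_directives(conf_text):
        # Normalise so "/media/x/../../home" is not mistaken for removable.
        full = posixpath.normpath(posixpath.expanduser(path)) + "/"
        if full.startswith(tuple(prefixes)):
            # A copyable secret keyring is the case the post warns about.
            severity = "high" if option == "secret-keyring" else "info"
            findings.append((line_no, option, path, severity))
    return findings


if __name__ == "__main__":
    for line_no, option, path, severity in audit(SAMPLE):
        print(f"gpg.conf:{line_no}: [{severity}] {option} -> {path}")
```

GnuPG 2.1 and later ignore the `secret-keyring` option and keep secret keys under the GnuPG home directory, so on those versions the directory to review is the home directory itself.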

