Remote use of keys on smartcard via gnupg-agent?
Raphaël Poss
gnupg at raphael.poss.name
Wed Mar 29 11:26:08 CEST 2006
Hi Jimmy,
Jimmy Kaplowitz wrote:
> I currently access my email via mutt over SSH, and therefore my private
> key is currently stored on that remote server. I am fully aware how bad
> of an idea this is, and so if what I ask above is possible, I plan to
> move my private key to a secure offline location, put subkeys on a
> smartcard that I take with me, and forward access to them over SSH to
> the remote email server for routine use. Hopefully I'm not the only one
> who wants this.
People who are serious about security would probably like to have the
crypto done by the smartcard itself, or at least the computer they are
sitting in front of. Therefore a better setup would be to have the
encrypted data transmitted from your distant ssh host to your local host
for decryption, and decrypted data sent back to your ssh host for use
(or just viewed locally).
If you are just using mutt in your remote ssh shell, you could configure
manually something along these lines:
1. connect to your remote ssh host using remote port forwarding, with
   -R4242:localhost:4242
2. on your local host, run something like this in an interactive shell:
   while true; do nc -l 4242 | gpg ; done
3. configure your remote mutt to send the encrypted data to port 4242 on
   the same host, so that it gets forwarded back via your ssh connection.
This way your local gpg will get its input from the remote mutt.
I did not test this, but you get the idea.
--
Raphael
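
Added example, not part of the original post: the local side of step 2 written in Python instead of the `nc | gpg` loop, so the listener binds to loopback only, caps the input size, and accepts only ASCII-armored PGP messages before handing them to the local gpg. The function names, the 1 MiB cap, the 30-second timeout and the `gpg --decrypt` invocation are assumptions of this example.

```python
# Added example: names, size cap, timeout and the gpg invocation are assumptions.
import socket
import subprocess

ARMOR_HEAD = b"-----BEGIN PGP MESSAGE-----"
ARMOR_TAIL = b"-----END PGP MESSAGE-----"
MAX_BYTES = 1 << 20  # refuse anything larger than 1 MiB


def read_message(conn, limit=MAX_BYTES):
    """Read until the peer closes; reject oversized or non-armored input."""
    chunks, total = [], 0
    while True:
        data = conn.recv(4096)
        if not data:
            break
        total += len(data)
        if total > limit:
            raise ValueError("input exceeds size limit")
        chunks.append(data)
    msg = b"".join(chunks).strip()
    if not (msg.startswith(ARMOR_HEAD) and msg.endswith(ARMOR_TAIL)):
        raise ValueError("not an ASCII-armored PGP message")
    return msg


def decrypt(msg, cmd=("gpg", "--decrypt")):
    """Feed the message to the local gpg; the key never leaves this machine."""
    done = subprocess.run(list(cmd), input=msg, capture_output=True, check=True)
    return done.stdout


def serve(port=4242, cmd=("gpg", "--decrypt")):
    """Accept connections on loopback only, one message per connection."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("127.0.0.1", port))
        srv.listen(1)
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.settimeout(30)  # do not hang on a peer that never closes
                try:
                    print(decrypt(read_message(conn), cmd).decode(errors="replace"))
                except (ValueError, OSError, subprocess.CalledProcessError) as exc:
                    print(f"rejected: {exc}")

if __name__ == "__main__":
    serve()
```

Any local user on the remote host can connect to the forwarded port, which is why the listener validates its input before invoking gpg. The plaintext is printed only on the local terminal and is not sent back over the connection.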