Extra key best solution for very insecure locations?
berland at gmail.com
Mon May 7 10:27:55 CEST 2007
I'm trying to find the best solution for using GPG on a USB drive
I read the FAQ about subkeys which suggests to only use subkeys on
insecure computers. As far as I understand this, though, anybody who
got hold of my private subkeys would still be able to read all my
previous mails. The document was obviously written with workplace
computers and such in mind, rather than heavily infected Windows PCs
in internet cafes.
Is there a possibility to have an additional encryption subkey, that
is not used until explicitly asked for by the user? That way I could
ask people to encrypt to that subkey only while I'm on the road.
Since I assume that this is not possible, the best solution I can
think of is to have another mail alias for my domain with another key
for it. It would be easy to ask people to use that email address for a
while and with a helpful email program (e.g. Thunderbird + Enigmail)
the key selection/download would be easy, too.
I think this strategy is going to work well enough, but I still want
to ask around, if there are other opinions and experiences.
I am thinking about getting a smart card by the way, but I'm not sure
how I feel about having to carry a card reader around. Furthermore you
cannot count on having two USB ports on any computer.
Thank you for any comments
More information about the Gnupg-users