Distributed symmetric key management
borisbiljeskovic at rambler.ru
Fri Jun 17 15:15:47 CEST 2011
I have various directories that I need to keep in sync on various
machines. To do so, I would like to, say, once a week, tar the
directories, encrypt them and push them on the internet. On other
machines I'd pull accordingly. This process itself is quite simple. I
can come up with some bash magic for that.
Here's the tricky part:
Each directory has a key attached to it. My main machine, which pushes
all changes, has 'access' to all keys. My other machines just 'have' a
subset of all keys. I do not think asymmetric encryption makes much
sense here. Rather than that, I'd use symmetric encryption using keys
generated with 'gpg2 --gen-random 2'. When I am setting up a new
machine, I can distribute the keys that I need on that machine using a
safe exchange medium.
Here's basically what I have:
Machine A (main machine):
keys: project-a key, project-b key, private-stuff key
keys: project-a key, project-b key
keys: private-stuff key
Machine A pushes project-a, project-b and private-stuff, encrypting
with the according keys. Machine B pulls project-a and project-b,
decrypting with the keys it 'has', Machine C pulls private-stuff.
So, here is the problem. How can I keep track of the keys? I do not
like having them as plain text files laying in some directory. Does
gpg-agent have some way of keeping them in a keyring? If not, I am also
using gnome-keyring which can store passwords. Is there any method to
forward keys from gnome-keyring to gpg2?
More information about the Gnupg-users