private key protection

takethebus at gmx.de takethebus at gmx.de
Mon Oct 17 23:18:02 CEST 2011


Hi everybody,

what is the best way to protect your private key from getting stolen?

I think:

1. Using GnuPG on a Windows PC with an internet connection is not good, because there are too many trojans out there.

2. Using GnuPG on a Linux PC with an internet connection (like privatix, see http://www.mandalka.name/privatix/index.html.en ) is better since there are fewer(?) security holes and trojans out there. How big do you think the threat is?

3. The best way is to have one PC connected to the internet and another, without an internet connection (missing network drivers and a fully encrypted hard disk for instance), which you use to decrypt and encrypt messages. You use a USB stick to carry messages from the internet PC to the one not connected to the net. If you don't have two PCs, you can use another USB stick with privatix without network drivers on it.

Which software can I use under point 3 to put my messages in order (date, sender, etc.) on a Linux system?

Most people use something like point 2, don't they?

Point 3 is the only satisfying one to me, since I find it hard to judge the threat in point 2. Additionally, point 3 makes it easier to see when your key might have been stolen: if you see traces that someone broke into your house and searched everything for the hidden privatix USB stick. Only experts might notice a trojan under point 2.

Thanks for answers, 
Jan
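
An added example, not part of Jan's message and not GnuPG code: in the two-PC setup of point 3 the USB stick is the only thing that crosses between the machines, so it is worth checking that it carries no secret-key material before it leaves the offline PC. The sketch reads the first OpenPGP packet tag of each file (RFC 4880, tags 5 and 7); the function names and the sample files are constructed for illustration.

```python
import base64
import re
import tempfile
from pathlib import Path

SECRET_TAGS = {5: "secret key", 7: "secret subkey"}  # RFC 4880, section 4.3
ARMOR = re.compile(rb"-----BEGIN PGP ([A-Z ]+)-----\r?\n(.*?)-----END PGP \1-----", re.S)

def first_packet_tag(data: bytes):
    """Return the tag of the first OpenPGP packet, or None if bit 7 is clear."""
    if not data or not data[0] & 0x80:
        return None
    return data[0] & 0x3F if data[0] & 0x40 else (data[0] & 0x3C) >> 2

def dearmor(body: bytes) -> bytes:
    """Drop armor headers ("Key: value"), blank lines and the "=CRC" line, then decode."""
    lines = (l.strip() for l in body.splitlines())
    payload = b"".join(l for l in lines if l and b":" not in l and not l.startswith(b"="))
    return base64.b64decode(payload)

def scan_stick(root: Path):
    """Return (file name, finding) for every file that starts with a secret-key packet."""
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        data = path.read_bytes()
        blobs = [dearmor(m.group(2)) for m in ARMOR.finditer(data)] or [data]
        for blob in blobs:
            tag = first_packet_tag(blob)
            if tag in SECRET_TAGS:
                findings.append((path.name, SECRET_TAGS[tag]))
    return findings

def build_sample_stick() -> Path:
    """Constructed sample data: packet headers followed by zero bytes, no real keys."""
    root = Path(tempfile.mkdtemp(prefix="usb-"))
    def armor(label, raw):
        b64 = base64.b64encode(raw).decode()
        return f"-----BEGIN PGP {label}-----\n\n{b64}\n-----END PGP {label}-----\n"
    # 0x85: old-format header, tag 1 (public-key encrypted session key)
    (root / "reply.asc").write_text(armor("MESSAGE", b"\x85\x01\x0c" + bytes(16)))
    # 0x95: old-format header, tag 5; 0xc5: new-format header, tag 5
    (root / "backup.asc").write_text(armor("PRIVATE KEY BLOCK", b"\x95\x03\xbe" + bytes(16)))
    (root / "key.gpg").write_bytes(b"\xc5\x10" + bytes(16))
    (root / "notes.txt").write_text("plain text, not OpenPGP\n")
    return root

if __name__ == "__main__":
    for name, finding in scan_stick(build_sample_stick()):
        print(f"do not carry to the online PC: {name} ({finding})")
```

A hit is a prompt to inspect the file with `gpg --list-packets`; the first-byte test can also fire on unrelated binary files.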


