air gap private key?
hka at qbs.com.pl
Mon Feb 4 12:47:59 CET 2013
On Monday 04 of February 2013 07:26:48 refreshing at tormail.org wrote:
> I could air gap my private key. Put it on a machine with no network
> access. Then replying to mails becomes awful?
> This requires transferring incoming mail onto a usb device as text file
> and put it into the other machine. Write an answer, sign and put it back
> on usb and
> finally put it back on the machine with internet.
> More paranoids could say that the offline machine could get infected by
> the usb.
> To be more paranoid I could not put anything from the online machine to
> the offline machine. Answer without quoting and only store on usb. Never
> import to offline machine should be quite secure?
You need to airgap only your main key; the key used for signing can be stored
on your Internet-connected machine.
If it's compromised, you can just revoke it and issue another key for signing.
This way all the traffic from the offline machine can be one-way.
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel. +48 (22) 646-61-51, 646-74-24
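
The split described in the reply above, as an added example that is not part of the original thread: a certify-only main key stays in an "offline" keyring, and only the signing subkey's secret material is exported to the "online" one. It assumes GnuPG 2.1.13 or later; the identity, the temporary directories standing in for the two machines, and the function names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: throwaway keyrings in temp dirs, empty passphrase, test identity.
# Assumes GnuPG >= 2.1.13 (--quick-generate-key / --quick-add-key).
DEMO_UID='Airgap Demo <demo@example.invalid>'   # constructed identity

# g HOMEDIR ARGS...: run gpg non-interactively against one keyring.
g() { h=$1; shift; gpg --homedir "$h" --batch --quiet \
        --pinentry-mode loopback --passphrase '' "$@"; }

# Prints field 15 of the primary "sec" record:
# "#" means only a stub is present (the primary secret key is absent).
primary_state() {
  g "$1" --list-secret-keys --with-colons | awk -F: '$1=="sec"{print $15; exit}'
}

demo() {
  OFFLINE=$(mktemp -d); ONLINE=$(mktemp -d)   # stand-ins for the two machines

  # Offline machine: certify-only main key plus a separate signing subkey.
  g "$OFFLINE" --quick-generate-key "$DEMO_UID" ed25519 cert never
  FPR=$(g "$OFFLINE" --list-keys --with-colons | awk -F: '$1=="fpr"{print $10; exit}')
  g "$OFFLINE" --quick-add-key "$FPR" ed25519 sign 1y

  # One-way transfer: only subkey secrets leave the offline machine.
  g "$OFFLINE" --armor --export-secret-subkeys "$FPR" > "$OFFLINE/subkeys.asc"
  g "$ONLINE" --import "$OFFLINE/subkeys.asc"

  # Online machine: signs with the subkey although the main secret key is absent.
  echo 'constructed message' | g "$ONLINE" --armor --clearsign > "$ONLINE/msg.asc"
  g "$ONLINE" --verify "$ONLINE/msg.asc" 2>/dev/null
}

# Stop the per-keyring agents and delete the throwaway keyrings.
cleanup() {
  for d in "$OFFLINE" "$ONLINE"; do
    gpgconf --homedir "$d" --kill gpg-agent
    rm -rf "$d"
  done
}
```

After `demo`, `primary_state "$ONLINE"` prints `#`, the colon-format counterpart of the `sec#` marker in the human-readable listing; run `cleanup` when finished.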