air gap private key?

refreshing at tormail.org refreshing at tormail.org
Mon Feb 4 18:14:55 CET 2013


> On Monday 04 of February 2013 07:26:48 refreshing at tormail.org wrote:
>> I could air gap my private key. Put it on a machine with no network
>> access. Then replying to mails becomes awful?
>>
>> This requires transferring incoming mail onto a usb device as a text file
>> and put it into the other machine. Write an answer, sign and put it back
>> on usb and finally put it back on the machine with internet.
>>
>> More paranoids could say that the offline machine could get infected by
>> the usb.
>>
>> To be more paranoid I could not put anything from the online machine to
>> the offline machine. Answer without quoting and only store on usb. Never
>> import to offline machine should be quite secure?
>
> You need to airgap only your main key, the key used for signing can be
> stored on your Internet-connected machine.
>
> If it's compromised, you can just revoke it and issue another key for
> signing e-mails.
>
> This way all the traffic from the offline machine can be one-way.

Thanks. Will consider.

I prefer to stop the possibility of signing a single malicious mail. Is there
any more secure way?
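
The layout suggested in the quoted reply (primary key kept offline, signing subkey on the online machine), as an added example that is not part of the original thread. It assumes GnuPG 2.1 or later; the two temporary home directories stand in for the two machines, and the user ID and empty passphrase are constructed for an unattended demo.

```shell
#!/bin/sh
# Added illustration, not from the thread: throwaway keyrings, constructed UID,
# empty passphrase (demo only; a real primary key needs a strong passphrase).
set -eu
OFFLINE=$(mktemp -d)   # stands in for the air-gapped machine's keyring
ONLINE=$(mktemp -d)    # stands in for the Internet-connected machine's keyring
USERID='Example User <user@example.invalid>'

g() {  # usage: g <homedir> <gpg arguments...>
    home=$1; shift
    gpg --homedir "$home" --batch --quiet --pinentry-mode loopback \
        --passphrase '' "$@"
}

# Offline: certify-only primary key plus a separate signing subkey.
make_keys() {
    g "$OFFLINE" --quick-generate-key "$USERID" ed25519 cert never
    FPR=$(g "$OFFLINE" --list-keys --with-colons |
          awk -F: '$1=="fpr"{print $10; exit}')
    g "$OFFLINE" --quick-add-key "$FPR" ed25519 sign 1y
}

# One-way transfer: only the subkey's secret material leaves the offline side.
transfer_subkey() {
    g "$OFFLINE" --export-secret-subkeys "$FPR" | g "$ONLINE" --import
}

# Field 15 of the "sec" record; "#" means the primary secret key is absent.
primary_secret_flag() {
    g "$1" --list-secret-keys --with-colons |
        awk -F: '$1=="sec"{print $15; exit}'
}

# Online: sign a reply with the subkey, then verify the signature.
sign_and_verify() {
    printf 'reply text\n' | g "$ONLINE" --clearsign > "$ONLINE/msg.asc"
    g "$ONLINE" --verify "$ONLINE/msg.asc" 2>/dev/null
}

make_keys
transfer_subkey
echo "online primary flag: $(primary_secret_flag "$ONLINE")"
sign_and_verify && echo "subkey signature verifies"
```

The online keyring can sign mail but cannot certify new subkeys or user IDs, because its primary secret key is only a stub.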



