Multiple email addresses - any alternative to ask everyone to sign all my keys?
Christopher J. Walters
cwal989 at comcast.net
Wed Jul 24 04:06:05 CEST 2013
On 7/23/2013 8:29 PM, Martin wrote:
> @Chris: That still leaves the problem of having to enter the passphrase for the
> key on the untrusted machine, which might have a keylogger, doesn't it?
Martin,
It does, which is why I prefaced my suggestion with a warning against using an
untrusted computer. However, a keylogger alone, would not be enough to
compromise a key on a Live USB drive. That would give an attacker a passphrase
without a secret key. The attacker would need to find and copy the keyring
files from the USB drive.
That could be defeated by using a Live CD/DVD of an arguably more secure
kernel/OS, such as GNU/Linux or *BSD with the USB drive for storing the
keyrings. That way, so long as you trust the Live CD/DVD distribution, what is
on the untrusted computer's HDD would not matter.
Chris
More information about the Gnupg-users
mailing list