Question about a perfect private Key store for today's environment
Aleksandar Lazic
al-gnupg_users at none.at
Sat Sep 21 23:06:22 CEST 2013
Hi all.
Due to the fact that more and more users, including me,
want to use pgp and smime for end-to-end-encryption I asked myself the
following.
What could be a perfect or at least a very good storage of the
private Key.
What could be a secret use of the pgp and smime technology implemented
for today's user environment.
My definition of "today's user environment":
1.) Private mobile device, tablet, notebook with private E-Mail program
2.) Business mobile device, tablet, notebook with company E-Mail program
with company key and private key
3.) Private mobile device, tablet, notebook with Web mail only access
4.) Business mobile device, tablet, notebook with Web mail only access
5.) more to be defined
There are for different clients different tools available but the
problem from my point of view is that you must always add your private
key into the different clients.
This is a lot of work and sometimes not possible, as defined in point 3+4.
Point 1+2 are also not very secure due to the fact that nobody knows
what really happens on such devices.
There are some HW-Solutions like
http://g10code.com/p-card.html
http://shop.kernelconcepts.de/product_info.php?cPath=1_26&products_id=133&osCsid=503b6045b0863ea8f4bc84757e89ee81
but how could this or other HW-Solutions be usable along with Point 1+2
definitions?
In case you have your own server with your own web mail solution like
roundcube, Horde or any other and you have secured your private Key on
this server then you have a solution for point 3+4 but not for 1+2.
What solution is available for public Web mail providers like gmail,
gmx, hotmail, ...?
In this case there must be a way to sign the message with the private
key on disc or USB-Stick.
From my point of view I don't see a secure and usable solution for the
most users out there.
Maybe I have the wrong point of view.
I'm sure that I don't know all possible solutions.
What are your opinions about the thought above?
What are the solutions which you use?
Thanks for reading and looking forward to your answers.
Aleksandar Lazic