Question about a perfect private Key store for today's environment

Aleksandar Lazic al-gnupg_users at none.at
Sat Sep 21 23:06:22 CEST 2013


Hi all.

Due to the fact that more and more users, including me,
want to use PGP and S/MIME for end-to-end encryption, I asked myself the
following.

What could be a perfect, or at least a very good, storage for the
private key?

What could be a secure use of PGP and S/MIME technology, implemented
for today's user environment?

My definition of "today's user environment":

1.) Private mobile device, tablet, notebook with private E-Mail program
2.) Business mobile device, tablet, notebook with company E-Mail program
     with company key and private key
3.) Private mobile device, tablet, notebook with Web mail only access
4.) Business mobile device, tablet, notebook with Web mail only access
5.) more to be defined

There are different tools available for the different clients, but the
problem, from my point of view, is that you must always add your private
key to each of the different clients.

This is a lot of work and sometimes not possible, as in points 3 and 4
defined above.

Points 1 and 2 are also not very secure, due to the fact that nobody knows
what really happens on such devices.

There are some HW solutions like

http://g10code.com/p-card.html
http://shop.kernelconcepts.de/product_info.php?cPath=1_26&products_id=133&osCsid=503b6045b0863ea8f4bc84757e89ee81

but how could these or other HW solutions be used together with the
definitions in points 1 and 2?

If you have your own server with your own webmail solution like
Roundcube, Horde or any other, and you have secured your private key on
this server, then you have a solution for points 3 and 4 but not for 1 and 2.

What solution is available for public webmail providers like Gmail,
GMX, Hotmail, ...?

In this case there must be a way to sign the message with the private
key on disk or on a USB stick.

From my point of view, I don't see a secure and usable solution for
most users out there.

Maybe I have the wrong point of view.
I'm sure that I don't know all possible solutions.

What are your opinions about the thoughts above?
Which solutions do you use?

Thanks for reading; I'm looking forward to your answers.

Aleksandar Lazic
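As an added example for this thread (not code from the original post and not part of GnuPG), the script below shows the check a practitioner would want after moving keys to an OpenPGP card: it parses the machine-readable output of `gpg -K --with-colons` and reports, for every primary key and subkey, whether the private part sits on a card, in the local GnuPG keystore, or is only a stub with no secret part at all. The field layout follows GnuPG's doc/DETAILS: in a sec/ssb record, field 15 holds the serial number of the token carrying the key, '#' when the secret part is unavailable, or '+' (GnuPG 2.1 and later) when the key is stored on disk. The key IDs, fingerprints, user IDs and card serial number in the sample records are constructed for illustration and are not real.

```python
"""Where does each secret key actually live: on a card, on disk, or nowhere?

Added example for the gnupg-users thread above; not code from the original
post or from GnuPG.  Field numbers refer to the `--with-colons` format
documented in GnuPG's doc/DETAILS (assumption: field 15 of sec/ssb records
is the token serial number, '#' for a missing secret part, '+' for on-disk).
"""
import subprocess
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample of `gpg -K --with-colons` output (not from a real keyring):
# the first key is entirely on disk; the second key's primary and encryption
# subkey were moved to an OpenPGP card, and its authentication subkey is a
# stub whose secret part is not available at all.
SAMPLE_OUTPUT = """\
sec:u:4096:1:1111111111111111:1379797582:::u:::scESC:::+:::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
uid:u::::1379797582::0000000000000000000000000000000000000000::Alice Example <alice@example.org>::::::::::0:
ssb:u:4096:1:2222222222222222:1379797582::::::e:::+:::23:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
sec:u:2048:1:3333333333333333:1379797582:::u:::scESC:::D2760001240102000005000011110000:::23::0:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC:
uid:u::::1379797582::0000000000000000000000000000000000000000::Bob Example <bob@example.org>::::::::::0:
ssb:u:2048:1:4444444444444444:1379797582::::::e:::D2760001240102000005000011110000:::23:
fpr:::::::::DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD:
ssb:u:2048:1:5555555555555555:1379797582::::::a:::#:::23:
fpr:::::::::EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE:
"""


@dataclass
class SecretKey:
    record: str        # "sec" = primary key, "ssb" = subkey
    keyid: str         # field 5
    capabilities: str  # field 12, e.g. "e", "a", "scESC"
    fingerprint: str   # taken from the fpr record that follows the key record
    location: str      # "card", "disk" or "missing"
    token_serial: str  # card serial number when location == "card", else ""


def classify_token_field(field15: str) -> Tuple[str, str]:
    """Map field 15 of a sec/ssb record to (location, card serial)."""
    if field15 == "#":
        return "missing", ""      # stub only: no usable secret part anywhere
    if field15 in ("", "+"):
        return "disk", ""         # secret key lives in the GnuPG home directory
    return "card", field15        # serial number of the token holding the key


def _field(fields: List[str], n: int) -> str:
    """1-based field access; absent trailing fields read as empty."""
    return fields[n - 1] if len(fields) >= n else ""


def parse_secret_keys(colon_output: str) -> List[SecretKey]:
    """Turn `gpg -K --with-colons` output into a list of SecretKey entries."""
    keys: List[SecretKey] = []
    for line in colon_output.splitlines():
        fields = line.split(":")
        rtype = fields[0]
        if rtype in ("sec", "ssb"):
            location, serial = classify_token_field(_field(fields, 15))
            keys.append(SecretKey(rtype, _field(fields, 5), _field(fields, 12),
                                  "", location, serial))
        elif rtype == "fpr" and keys and not keys[-1].fingerprint:
            # the fpr record directly follows the sec/ssb record it belongs to
            keys[-1].fingerprint = _field(fields, 10)
    return keys


def keys_off_card(keys: List[SecretKey]) -> List[SecretKey]:
    """Keys whose private material is readable from the host: the ones that
    matter on a device you do not fully trust (points 1 and 2 in the post)."""
    return [k for k in keys if k.location == "disk"]


def secret_keys_from_gpg() -> List[SecretKey]:
    """Run the check against the local keyring (needs gpg in PATH)."""
    out = subprocess.run(["gpg", "--batch", "-K", "--with-colons"],
                         capture_output=True, text=True, check=True).stdout
    return parse_secret_keys(out)


if __name__ == "__main__":
    keys = parse_secret_keys(SAMPLE_OUTPUT)   # swap in secret_keys_from_gpg()
    for k in keys:
        where = k.location + (f" (serial {k.token_serial})" if k.token_serial else "")
        print(f"{k.record} {k.keyid} caps={k.capabilities or '-'} -> {where}")
    on_host = ", ".join(k.keyid for k in keys_off_card(keys)) or "none"
    print("private key material readable on this host:", on_host)
```

Running it against a real keyring (replace the sample with `secret_keys_from_gpg()`) gives a quick answer to the question in the post: a key reported as "disk" is exactly the one that every mail client on that device, and anything else running there, can reach; a key reported as "card" only ever leaves the token as a signature or decrypted session key.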
