Suggestions for a Practical Scheme to Manage Multiple Identities?

imeil8 at eml.cc
Tue Mar 10 00:06:16 CET 2015


Hi Folks-

I have two identities with corresponding key pairs, one for work related
needs and one for everything else. At the moment the keys for work live
on my work machine and my everything else keys live on my laptop which I
may or may not have access to at any given moment. The problem is
sometimes I need my everything else identity at work and vice versa.

Work is Ubuntu and home is Debian if that makes a difference to
anything. The Debian is Wheezy and the Ubuntu is 14.04. I'm using
whichever gnupg is current in the repos NOT gnupg2 (sidebar issue: is
there any pressing reason why I should switch to gnupg2?). Both my work
and home machines are secure enough: I _think_. The disks are encrypted
and the security settings are mostly in the sane to somewhat-paranoid
range. I suppose my laptop is vulnerable to theft while I'm in transit
but in that state the disk encryption would be in effect.

I _think_ the best scheme would be to combine the two identities onto a
single keyring and write that out to an easily transported flash memory
device and point gnupg to the flash device to find whichever key
is needed. I _think_ I'm reasonably comfortable maintaining the security
of the portable flash device and would place backups of my key
revocation on my home and work machines in order to quickly revoke the
keys in the event of loss.

FWIW, my private keys have unreasonably long passphrases that I _think_
can withstand brute-forcing for a length of time sufficient for me to
discover the loss of my flash device and issue a revocation and take
steps to protect any files that may be vulnerable should the key become
available in the wild.

I have nothing against using a smartcard assuming there is no problem
with storing multiple 2048 keys, the card is reasonably inexpensive, and
can be had without jumping through hoops to find a vendor.

If there is really good reason why using a portable flash device is a
bad idea, I'd like to know about it. I read a discussion in the archives
about it and concluded that it will likely serve my needs fairly well.
So this is not a question about portable flash drives vs. smartcards per
se. I _think_ I understand those risks and trade-offs but if there is
something I'm missing then, of course, I'd like to know. Mainly, this is
a key organization question: what is the best way to organize my
identities so that I can access them as needed across my various
machines?

Thanks very much in advance.

-Chris
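The scheme Chris sketches above (one GnuPG home directory for both identities, carried on a flash device, with revocation certificates kept on the host machines) written out as an added shell example; it is not from the list post or from the GnuPG project. It assumes the stick is mounted at $KEYSTICK (default /media/keystick), that the two key pairs have already been exported as work.sec.asc and home.sec.asc, that a marker file named .keystick-present lives on the stick, and that WORK_KEYID holds the work key's id. The keystick_home check is the part worth copying: without it, running gpg --homedir against an unmounted path silently creates a fresh, empty homedir on the host disk, and any key generated there never reaches the stick.

```shell
#!/bin/sh
# Added example (not from the list post or from GnuPG): keep both identities in
# one GNUPGHOME on a removable device and point gpg at it from any machine.
# Assumptions: stick mounted at $KEYSTICK; exported keys work.sec.asc and
# home.sec.asc in the current directory; marker file name .keystick-present.
set -eu

KEYSTICK="${KEYSTICK:-/media/keystick}"
MARKER=".keystick-present"   # assumed marker file, checked by keystick_home()

# Build the portable GNUPGHOME with owner-only permissions and a marker file.
# Prints the homedir path on stdout.
init_keystick() {
    stick="$1"
    home="$stick/gnupg"
    mkdir -p "$home"
    chmod 700 "$home"
    : > "$stick/$MARKER"
    # A small gpg.conf carried with the keys keeps behaviour identical on
    # both the work and the home machine.
    cat > "$home/gpg.conf" <<'EOF'
no-greeting
keyid-format 0xlong
EOF
    chmod 600 "$home/gpg.conf"
    printf '%s\n' "$home"
}

# Resolve the homedir only when the stick is really mounted. Without this
# check, "gpg --homedir /media/keystick/gnupg" on a machine where the stick
# is absent would quietly create an empty homedir on the host disk.
keystick_home() {
    stick="$1"
    if [ ! -f "$stick/$MARKER" ]; then
        printf 'keystick not mounted at %s\n' "$stick" >&2
        return 1
    fi
    printf '%s/gnupg\n' "$stick"
}

# Run gpg against the portable keyring; all arguments are passed through.
pgpg() {
    home=$(keystick_home "$KEYSTICK") || return 1
    gpg --homedir "$home" "$@"
}

# Import both identities (public and secret halves) into the one keyring.
import_identities() {
    home="$1"; shift
    for f in "$@"; do
        gpg --homedir "$home" --import "$f"
    done
}

# Create a revocation certificate for KEYID and store it on the *host*
# machine, never on the stick, so a lost stick can be revoked from either
# workstation. gpg prompts for the revocation reason and the passphrase.
stash_revocation_cert() {
    home="$1"; keyid="$2"; outdir="$3"
    mkdir -p "$outdir"; chmod 700 "$outdir"
    gpg --homedir "$home" --armor --output "$outdir/$keyid.rev" --gen-revoke "$keyid"
    chmod 600 "$outdir/$keyid.rev"
}

# First-time setup, guarded so the file can also be sourced for its functions:
#   WORK_KEYID=0x... sh keystick.sh setup
if [ "${1:-}" = "setup" ]; then
    home=$(init_keystick "$KEYSTICK")
    import_identities "$home" work.sec.asc home.sec.asc
    stash_revocation_cert "$home" "${WORK_KEYID:?set WORK_KEYID to the work key id}" "$HOME/.revocations"
fi
```

Afterwards `pgpg --list-secret-keys` on either machine shows both identities, and `pgpg` fails loudly rather than silently if the stick is not plugged in. The revocation certificates end up in ~/.revocations on each host, which is what makes a quick revocation possible after losing the stick.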


