[RFC] Keychain for GPG, SSH, X.509 etc. (inspired by Split GPG)
Peter Lebbing
peter at digitalbrains.com
Sat Nov 28 16:36:11 CET 2015
On 27/11/15 22:55, Andrey Utkin wrote:
> Any comments?
Could you outline a sequence of steps that goes wrong without your
solution and right with it?
Like:
- SSH to compromised PC
- Use SSH agent forwarding
- While logged in to compromised PC, SSH from there to another
Wrong:
- Compromised PC opens whole host of SSH connections purporting to be you
Right:
- Keychain confirmation server comes in guns blazing, data center
containing compromised server turns into mushroom cloud
- Mushroom clouds don't impersonate sysadmins
I'd like to see a detailed usage scenario. Preferably with mushroom clouds.
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list