[RFC] Keychain for GPG, SSH, X.509 etc. (inspired by Split GPG)

Peter Lebbing peter at digitalbrains.com
Sat Nov 28 16:36:11 CET 2015

On 27/11/15 22:55, Andrey Utkin wrote:
> Any comments?

Could you outline a sequence of steps that goes wrong without your
solution and right with it?


- SSH to compromised PC
- Use SSH agent forwarding
- While logged in to compromised PC, SSH from there to another

- Compromised PC opens whole host of SSH connections purporting to be you

- Keychain confirmation server comes in guns blazing, data center
containing compromised server turns into mushroom cloud
- Mushroom clouds don't impersonate sysadmins

I'd like to see a detailed usage scenario. Preferably with mushroom clouds.


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

More information about the Gnupg-users mailing list