Re: handling private keys

To: Rick Moen <rick@linuxmafia.com>
Cc: debian-security@lists.debian.org
Subject: Re: handling private keys
From: Edward Faulkner <edfaulkner@gmail.com>
Date: Tue, 28 Jun 2005 15:22:07 -0400
Message-id: <[🔎] 9044cb3205062812225098d6e3@mail.gmail.com>
Reply-to: ef@alum.mit.edu
In-reply-to: <[🔎] 20050628191227.GI20325@linuxmafia.com>
References: <[🔎] 42C14D52.4060702@smartpost.ro> <[🔎] 20050628191227.GI20325@linuxmafia.com>

On 6/28/05, Rick Moen <rick@linuxmafia.com> wrote:
> Mine is called a PalmPilot with Keyring (3DES password store) installed,
> where I'm careful about what I install on it.  It strikes me that threat
> models are more easily isolated and dealth with on a PDA than on a
> networked computer, especially a multiuser one.

I do the same thing with my passwords, but that doesn't quite answer
the question.  Radu wants a place to keep GPG keys safe - not just
their passwords.

It would be pretty cool to use a PDA as a trusted device - it would
download a document from the PC, ask you to verify it, then sign it
and send it back.  It's even better than a smart card, because you can
use the PDA's display to verify that you're signing what you think
you're signing.

I don't know of any program to do this, but it's certainly possible.

-Ed

Reply to:

Follow-Ups:
- Re: handling private keys
  - From: Rick Moen <rick@linuxmafia.com>
- Re: handling private keys
  - From: Radu Spineanu <radus@smartpost.ro>

References:
- handling private keys
  - From: Radu Spineanu <radus@smartpost.ro>
- Re: handling private keys
  - From: Rick Moen <rick@linuxmafia.com>

Prev by Date: Re: Security team support
Next by Date: Re: handling private keys
Previous by thread: Re: handling private keys
Next by thread: Re: handling private keys
Index(es):
- Date
- Thread