Re: handling private keys

To: debian-security@lists.debian.org
Subject: Re: handling private keys
From: Rick Moen <rick@linuxmafia.com>
Date: Tue, 28 Jun 2005 12:30:06 -0700
Message-id: <[🔎] 20050628193006.GR5901@linuxmafia.com>
In-reply-to: <[🔎] 9044cb3205062812225098d6e3@mail.gmail.com>
References: <[🔎] 42C14D52.4060702@smartpost.ro> <[🔎] 20050628191227.GI20325@linuxmafia.com> <[🔎] 9044cb3205062812225098d6e3@mail.gmail.com>

Quoting Edward Faulkner (edfaulkner@gmail.com):

> I do the same thing with my passwords, but that doesn't quite answer
> the question.  Radu wants a place to keep GPG keys safe - not just
> their passwords.

Yes, good point.

I don't have a good answer to Radu's situation other than don't use the
passphrase other than on your own system at times when you have
reasonable confidence of not being root-compromised -- and keep the
revocation certificate around on offline media in case you're wrong.

> It would be pretty cool to use a PDA as a trusted device - it would
> download a document from the PC, ask you to verify it, then sign it
> and send it back.

I've pondered this possibility for a few years, ever since I lived at a
building with a (Linux-based) Internet cafe.  Such a crypto appliance
would definitely be on my shopping list.

Reply to:

References:
- handling private keys
  - From: Radu Spineanu <radus@smartpost.ro>
- Re: handling private keys
  - From: Rick Moen <rick@linuxmafia.com>
- Re: handling private keys
  - From: Edward Faulkner <edfaulkner@gmail.com>

Prev by Date: Re: handling private keys
Next by Date: Re: Bad press related to (missing) Debian security
Previous by thread: Re: handling private keys
Next by thread: Re: handling private keys
Index(es):
- Date
- Thread