Re: Key management using a USB key
On Tue, 08-03-2005 at 14:58 +0000, Ben Hill wrote:
> On Tue, 2005-03-08 at 00:46 +0100, David Härdeman wrote:
> > first of all, this might be slightly off-topic for the debian-devel
> > list, but I've got the impression that it's already been solved by some
> > DD's and might prove interesting to others (including non-DD's such as
> > me).
> I use a very small USB key for my gnupg and ssh keys. I had created
> the .gnupg and .ssh directories in my home a long time ago, so I
> formatted the USB device as ext2, and copied the two directories to the
> USB device as ssh and gnupg.
> In my home directory I create a symlink for /media/usbkey/ssh -> ~/.ssh
> and /media/usbkey/gnupg -> ~/.gnupg.
> So, when I stick the dongle into the USB slot, the drive is
> automatically mounted, and the symlinks point to my real key.
> When the key is out of the machine, my keys are safe offline.
This is also approximately how I manage this (or did, my key broke
yesterday and I haven't got a new one yet).
The only difference is that, rather than symlinking ~/.gnupg, I symlink
~/.gnupg/secring.gpg; that way, I can mount the USB key read-only, which
allows me to safely remove it while still mounted; my trustdb and public
keyring are synchronized in other ways.
smog | bricks
AIR -- mud -- FIRE
soda water | tequila
-- with thanks to fortune
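
The read-only arrangement described in this message (only `~/.gnupg/secring.gpg` symlinked onto the USB key) can be verified before the keyring is used. The shell functions below are an added example, not part of the original mail; the function names, the exit codes and the optional mounts-file argument are assumptions, and mount points containing spaces are not handled.

```shell
#!/bin/sh
# Added example; function names and the mounts-file argument are assumptions.
# Usage: secring_on_ro_mount ~/.gnupg/secring.gpg   (reads /proc/mounts)

# Print the options of the deepest mount point containing path $1,
# reading a /proc/mounts-format table from file $2.
mount_opts_for() {
    awk -v p="$1" '
        BEGIN { best = 0 }
        {
            mp = $2
            prefix = (mp == "/") ? "/" : mp "/"
            if ((p == mp || index(p, prefix) == 1) && length(mp) >= best) {
                best = length(mp); opts = $4
            }
        }
        END { if (opts != "") print opts }
    ' "$2"
}

# Exit status: 0 = symlink target is on a read-only mount,
#              1 = target is on a writable mount,
#              2 = not an (absolute) symlink or no mount found,
#              3 = dangling symlink (USB key not mounted).
secring_on_ro_mount() {
    link=$1
    mounts=${2:-/proc/mounts}
    [ -L "$link" ] || { echo "not a symlink: $link" >&2; return 2; }
    [ -e "$link" ] || { echo "dangling symlink, key not mounted" >&2; return 3; }
    target=$(readlink "$link")
    case $target in
        /*) ;;
        *) echo "relative target not handled: $target" >&2; return 2 ;;
    esac
    opts=$(mount_opts_for "$target" "$mounts")
    [ -n "$opts" ] || { echo "no mount found for $target" >&2; return 2; }
    # Match "ro" as a whole option, not as part of errors=remount-ro.
    case ",$opts," in
        *,ro,*) return 0 ;;
        *) echo "$target is on a writable mount ($opts)" >&2; return 1 ;;
    esac
}
```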