
Re: Key management using a USB key



On Tue, 08-03-2005 at 14:58 +0000, Ben Hill wrote:
> On Tue, 2005-03-08 at 00:46 +0100, David Härdeman wrote:
> > first of all, this might be slightly off-topic for the debian-devel 
> > list, but I've got the impression that it's already been solved by some 
> > DD's and might prove interesting to others (including non-DD's such as 
> > me).
> 
> I use a very small USB key for my gnupg and ssh keys. I had created
> the .gnupg and .ssh directories in my home a long time ago, so I
> formatted the USB device as ext2, and copied the two directories to the
> USB device as ssh and gnupg.
> 
> In my home directory I create a symlink for /media/usbkey/ssh -> ~/.ssh
> and /media/usbkey/gnupg -> ~/.gnupg.
> 
> So, when I stick the dongle into the USB slot, the drive is
> automatically mounted, and the symlinks point to my real key
> directories.
> 
> When the key is out of the machine, my keys are safe offline.

This is also approximately how I manage this (or did, my key broke
yesterday and I haven't got a new one yet).

The only difference is that, rather than symlinking ~/.gnupg, I symlink
~/.gnupg/secring.gpg; that way, I can mount the USB key read-only, which
allows me to safely remove it while still mounted; my trustdb and public
keyring are synchronized in other ways.

-- 
         EARTH
     smog  |   bricks
 AIR  --  mud  -- FIRE
soda water |   tequila
         WATER
 -- with thanks to fortune
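
An added example, not part of either poster's message: a shell check that a secret keyring path is a symlink onto a read-only mount, as in the setup described above, rather than a local file or a target on a writable mount. The function names, exit codes and the optional mounts-file argument are assumptions made for illustration, and mount points containing spaces are not handled.

```shell
#!/bin/sh
# Added example; paths, function names and exit codes are illustrative.

# Print "<mountpoint> <options>" for the mount that contains path $1,
# read from a /proc/mounts-format file ($2). Longest mount point wins.
mount_entry_for() {
    awk -v p="$1" '
        { mp = $2
          if (mp == "/" || p == mp || index(p, mp "/") == 1)
              if (length(mp) >= n) { n = length(mp); best = mp " " $4 } }
        END { if (best == "") exit 1; print best }' "${2:-/proc/mounts}"
}

# check_secring LINK [MOUNTS_FILE]
#   0  LINK is a symlink to a file on a read-only mount
#   1  LINK is missing or is a regular file (secret keys on local disk)
#   2  LINK dangles (USB key not plugged in or not mounted)
#   3  target is on a writable mount
check_secring() {
    link=$1
    [ -L "$link" ] || { echo "not a symlink: $link"; return 1; }
    [ -e "$link" ] || { echo "target absent: $link"; return 2; }
    target=$(readlink -f "$link") || return 2
    entry=$(mount_entry_for "$target" "${2:-/proc/mounts}") || return 3
    opts=${entry#* }                     # drop the mount point field
    case ",$opts," in
        *,ro,*) echo "ok: $target on read-only ${entry%% *}"; return 0 ;;
        *)      echo "writable mount: ${entry%% *} ($opts)"; return 3 ;;
    esac
}

# Typical call (assumed layout): check_secring "$HOME/.gnupg/secring.gpg"
```

The option match is on the exact `ro` field, so an entry such as `rw,errors=remount-ro` is still reported as writable.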


