* Radu Spineanu <radus@smartpost.ro>:
> I am working on a small project, and I have a problem related to keeping
> gpg private keys stored on usb drives secure when working with them.
>
> My problem is that in case the machine is compromised, if the usb with
> the key is mounted the attacker has access to it.
>
> Has anyone heard of an implementation, or at least a whitepaper related
> to creating some kind of secure zone where I can keep these keys?

You might be interested in the recent support of the TPM security chips by
the kernel (from 2.6.12 I think). If you have such hardware, all the
crypto-related stuff could be done on the chip without any software access
(even from root) until someone gets the admin password of the chip.

Best,
Sylvain.

-- 
Sylvain Soliman <Sylvain.Soliman@m4x.org>
GnuPG Public Key: 0x0F53AF99
Deputy Secretary, Fede. Francaise de Go  http://ffg.jeudego.org/
Co-maintainer of PilotGOne  http://minas.ithil.org/pilotgone/
Personal page  http://contraintes.inria.fr/~soliman/