
Re: handling private keys



Radu Spineanu wrote:

> Hello
>
> I am working on a small project, and I have a problem related to
> keeping gpg private keys stored on USB drives secure when working
> with them.
>
> My problem is that in case the machine is compromised, if the USB
> with the key is mounted the attacker has access to it.
>
> Has anyone heard of an implementation, or at least a whitepaper
> related to creating some kind of secure zone where I can keep these
> keys?

It's a logical problem: If someone has compromised your machine
there would be >no< possibility to make a difference between a
legitimate user and an intruder.
So he would possibly be able to read your private key!

The only absolute solution would be a kind of intelligent USB drive
which accepts a file to decrypt or sign and offers the result.
So somebody could use the key as long as you leave your USB drive in
your machine, but not any longer!
Unfortunately science fiction at the moment. ;)

Christian

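A small model of the "accepts a file to sign and offers the result" interface described in the reply above, added here as an illustration and not part of the original message. A forked child process stands in for the drive, HMAC-SHA256 stands in for the signature operation, and the names `Drive`, `sign` and `unplug` are hypothetical; it assumes a POSIX system.

```python
import hashlib
import hmac
import os
import socket

def _recv_exact(sock, n):
    """Read exactly n bytes; None means the other side has gone away."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            return None
        buf += chunk
    return buf

def _drive_loop(sock):
    # Runs only in the child. The key is created here and never sent.
    key = os.urandom(32)
    while (hdr := _recv_exact(sock, 4)) is not None:
        data = _recv_exact(sock, int.from_bytes(hdr, "big"))
        if data is None:
            break
        # HMAC-SHA256 stands in for the real signature operation.
        sock.sendall(hmac.new(key, data, hashlib.sha256).digest())

class Drive:
    """Host-side handle. Its only operation is 'sign these bytes'."""
    def __init__(self):
        self.sock, dev = socket.socketpair()
        self.pid = os.fork()
        if self.pid == 0:  # child process = the "intelligent drive"
            self.sock.close()
            try:
                _drive_loop(dev)
            finally:
                os._exit(0)
        dev.close()

    def sign(self, data: bytes) -> bytes:
        self.sock.sendall(len(data).to_bytes(4, "big") + data)
        tag = _recv_exact(self.sock, 32)
        if tag is None:
            raise ConnectionError("drive is gone")
        return tag

    def unplug(self):
        self.sock.shutdown(socket.SHUT_RDWR)  # drive sees EOF and exits
        self.sock.close()
        os.waitpid(self.pid, 0)
```

Any code on the host can call `sign()` while the drive is attached, but the host side has no operation that returns the key, and after `unplug()` further requests fail.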


