BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Sharing gnupg keyring among computers

Subject: [Discuss] Sharing gnupg keyring among computers
From: cra at WPI.EDU (Chuck Anderson)
Date: Mon, 25 Sep 2017 15:57:17 -0400
In-reply-to: <31235c6b-6d16-ca42-c0ef-5ca131630f32@gmail.com>
References: <CAEvgogHMsuciQxZZ-cFtP2v9Qs6xbXYdm2wDy9zQ1EOWPS34TA@mail.gmail.com> <CAEvgogE-YAJUC0TD0tcxnp1f+puSax6Fo7U1pWT+NOiZJhNVBA@mail.gmail.com> <CAEvgogFJd9GoLxHQ4wmRu3EJP8OwggwWFyKhSDVHyRZjiGOYnQ@mail.gmail.com> <CAEvgogExsBoxr-kJuTAOQegrcVbP4KxY12rohKDPpPay2iva=w@mail.gmail.com> <CAEvgogHWjLTXJC8VA4eimL9tLq3kyLtktho2Ai0xvP4y7P1Etw@mail.gmail.com> <CAEvgogF_MSpswvJPfG_Kse+QcfkBnh=7ViMb2gRwBnRmK4_03g@mail.gmail.com> <CAEvgogF2ybMg-L098iL8e3Qp6wSvBhtOTMF09bAOdo7qyPDKtA@mail.gmail.com> <CAEvgogGQRubn39VGTDQog6JyUcjbmsww+46PNzfOvV_0BbqXsg@mail.gmail.com> <20170925133058.GG13169@angus.ind.wpi.edu> <31235c6b-6d16-ca42-c0ef-5ca131630f32@gmail.com>

On Mon, Sep 25, 2017 at 02:17:23PM -0400, Richard Pieri wrote:
> On 9/25/2017 9:30 AM, Chuck Anderson wrote:
> > You could use something like YubiKey to store GPG keys.
> 
> You can, but I'm not sure that USB anything is a good idea for GPG keys.
> If you trust the computer enough to unlock your keys on it then the fob
> isn't adding any security to the workflow, but it adds complexity and
> inconvenience. If you don't trust that computer then plugging writable
> storage into it is a very bad idea.

YubiKey isn't simply a writable USB mass storage device.  It is purpose-designed to store secrets securely.  They also make a NFC version.

It does add security, because it is a 2nd factor (something you have).  You can keep the keys separate from the laptop so if the laptop is stolen, they don't have your keys.

If you don't trust the computer you are typing into, they none of what we are discussing can help.

Follow-Ups:
- [Discuss] Sharing gnupg keyring among computers
  - From: richard.pieri at gmail.com (Richard Pieri)

References:
- [Discuss] Sharing gnupg keyring among computers
  - From: gaf.linux at gmail.com (Jerry Feldman)
- [Discuss] Sharing gnupg keyring among computers
  - From: cra at WPI.EDU (Chuck Anderson)
- [Discuss] Sharing gnupg keyring among computers
  - From: richard.pieri at gmail.com (Richard Pieri)

Prev by Date: [Discuss] Sharing gnupg keyring among computers
Next by Date: [Discuss] Sharing gnupg keyring among computers
Previous by thread: [Discuss] Sharing gnupg keyring among computers
Next by thread: [Discuss] Sharing gnupg keyring among computers
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.