Re: [PLUG] Migrating GnuPG data
1st topic:

> Would that key be directly importable to the Linux PC?

Yes. I've switched keys back and forth between GnuPG (linux),
GnuPG (Windows) and PGP (Windows) without nary a hitch. There
*are* some incompatibilities however, so YMMV.

2nd topic:

> I'm not sure to understand you. You don't have a copy of your
> private key on your computer ? If so, how do you sign your
> mail ?

Well, I didn't say it was necessarily the way *I* did it, but
one way it could be done. Just put the secret key on a
floppy (read-only) and your public key on the hard drive.
You could only keep the public on the floppy as well, but
that means you'd have to insert the floppy to do every
operation, even just verifying a signature. Once the secret key
is on your disk, just set your ~/.gnupg/options file to point
to /mnt/floppy/mykey. Here's a copy of my options file:

    secret-keyring /mnt/floppy/mykey
    keyring /home/greg/.gnupg/pubkey
    no-version
    comment http://www.turnstep.com/pgp.html
    encrypt-to 0x2529DF6AB8F79407E94445B4BC9B906714964AC8
    no-greeting
    default-recipient-self
    force-v3-sigs
    escape-from-lines
    lock-once

When you want to sign something, type the command, put the disk
in, hit enter, then remove the disk after a couple of seconds.
(the key is then in memory, waiting to be unlocked with your
passphrase). That's still not completely safe, but vastly
better than leaving your key on the hard drive. The best way is
to put gpg on a non-networked computer, and use a floppy to
transfer files between the two.

As to the instability of floppies, I think that it is pretty much
a non-issue. Hard drives can go bad as well, and a read-only
floppy that is only used for one thing is less likely to have
problems than a hard drive that is being used for read/write
day in and day out. And yes, I have a backup copy, stored away
safely. I like the idea of the CD as well, but it's not as
portable (well, one of my computers has no CD drive anyway) and
it is also a lot more conspicuous. My floppy is old, beat-up,
and ext2 formatted. If I should ever lose it, the chances are
good that most people (e.g. Windows users) will not even be
able to read it, much less recognize what is on it. And if the
floppy should ever "go bad", you can use disk recovery tools
just as if a hard drive had gone bad (and will probably be
easier to do than a hard drive.) All else fails, you can
destroy the defective disk and make a new one from your backup
copy.

Greg Sabino Mullane
greg@turnstep.com
PGP Key: 0x14964AC8 200201052056
______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
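
As an added example (not part of the original message, and not GnuPG code), the Python below audits an options file like the one quoted in the message and reports when the `secret-keyring` path does not sit on a separately mounted, read-only medium. Assumptions: a mount with the `ro` option stands in for the write-protected floppy, the mount table is in Linux /proc/mounts format, and the function names and sample inputs are constructed for illustration.

```python
# Added example: audit a GnuPG 1.x options file for the removable-key layout.
# Constructed sample inputs; the mounts text uses the Linux /proc/mounts format.
SAMPLE_OPTIONS = """\
# comment lines start with '#'
secret-keyring /mnt/floppy/mykey
keyring /home/greg/.gnupg/pubkey
lock-once
"""
SAMPLE_MOUNTS = """\
/dev/hda1 / ext2 rw 0 0
/dev/fd0 /mnt/floppy ext2 ro,noexec 0 0
"""

def parse_options(text):
    """Return {option: [values]} from options-file text, skipping comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts.setdefault(parts[0], []).append(parts[1] if len(parts) > 1 else "")
    return opts

def mount_for(path, mounts_text):
    """Return (mountpoint, options) for the longest mountpoint containing path."""
    best = None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mp = fields[1]
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        if inside and (best is None or len(mp) > len(best[0])):
            best = (mp, set(fields[3].split(",")))
    return best

def audit(options_text, mounts_text):
    """Return findings about the secret keyring's location; [] means none."""
    rings = parse_options(options_text).get("secret-keyring")
    if not rings:
        return ["no secret-keyring option: gpg falls back to its home directory"]
    findings = []
    for ring in rings:
        mount = mount_for(ring, mounts_text)
        if mount is None or mount[0] == "/":
            findings.append(f"{ring}: on the root filesystem or medium not mounted")
        elif "ro" not in mount[1]:
            findings.append(f"{ring}: {mount[0]} is mounted read-write")
    return findings
```

This layout applies to GnuPG 1.x and 2.0; GnuPG 2.1 and later treat `secret-keyring` as an obsolete option and ignore it, keeping secret keys under the GnuPG home directory instead.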