Re: Suggestions for a Practical Scheme to Manage Multiple Identities?

2015-03-10 Thread Ville Määttä
On 10.03.15 04:41, NIIBE Yutaka wrote:
>> So this is not a question about portable flash drives vs. smartcards per
>> se. I _think_ I understand those risks and trade-offs but if there is
>> something I'm missing then, of course, I'd like to know.
> I had an experience that one of my family members took my portable
> flash drive for his/her own purpose (and it took hours/days for me to
> realize the fact).
> 
> This might be another risk.

On top of all the other problems of a general purpose storage device.

I'd say just go with a smartcard or purpose built token device [1][2].

As for the multiple identities, different smartcards as needed. That
makes the reader the only device to carry and the cards you can cut
(some precut) to SIM-card size to make carrying easy. And there are
small readers available.

[1]: http://www.seeedstudio.com/wiki/index.php?title=FST-01
[2]: http://www.fsij.org/doc-gnuk/

-- 
Ville



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Suggestions for a Practical Scheme to Manage Multiple Identities?

2015-03-09 Thread NIIBE Yutaka
On 03/10/2015 08:06 AM, ime...@eml.cc wrote:
> So this is not a question about portable flash drives vs. smartcards per
> se. I _think_ I understand those risks and trade-offs but if there is
> something I'm missing then, of course, I'd like to know.

I had an experience that one of my family members took my portable
flash drive for his/her own purpose (and it took hours/days for me to
realize the fact).

This might be another risk.

With this experience, I abandoned adding the feature of storage to
Gnuk, even if I know the usefulness.

If it's useful for you, it would be also useful for them, that might
be a risk.

P.S.  I maintain Gauche, a Scheme interpreter, in Debian.  Since the
site is named "Practical Scheme" [0], at first glance, I completely
misunderstood your subject.

[0] Practical Scheme: http://practical-scheme.net/index.html
-- 



Suggestions for a Practical Scheme to Manage Multiple Identities?

2015-03-09 Thread imeil8
Hi Folks-

I have two identities with corresponding key pairs, one for work related
needs and one for everything else. At the moment the keys for work live
on my work machine and my everything else keys live on my laptop which I
may or may not have access to at any given moment. The problem is
sometimes I need my everything else identity at work and vice versa.

Work is Ubuntu and home is Debian if that makes a difference to
anything. The Debian is Wheezy and the Ubuntu is 14.04. I'm using
whichever gnupg is current in the repos NOT gnupg2 (sidebar issue: is
there any pressing reason why I should switch to gnupg2?). Both my work
and home machines are secure enough: I _think_. The disks are encrypted
and the security settings are mostly in the sane to somewhat-paranoid
range. I suppose my laptop is vulnerable to theft while I'm in transit
but in that state the disk encryption would be in effect.

I _think_ the best scheme would be to combine the two identities onto a
single keyring and write that out to an easily transported flash memory
device and point gnupg to the flash device to find whichever key
is needed. I _think_ I'm reasonably comfortable maintaining the security
of the portable flash device and would place backups of my key
revocation on my home and work machines in order to quickly revoke the
keys in the event of loss.

FWIW, my private keys have unreasonably long passphrases that I _think_
can withstand brute-forcing for a length of time sufficient for me to
discover the loss of my flash device and issue a revocation and take
steps to protect any files that may be vulnerable should the key become
available in the wild.

I have nothing against using a smartcard assuming there is no problem
with storing multiple 2048 keys, the card is reasonably inexpensive, and
can be had without jumping through hoops to find a vendor.

If there is really good reason why using a portable flash device is a
bad idea, I'd like to know about it. I read a discussion in the archives
about it and concluded that it will likely serve my needs fairly well.
So this is not a question about portable flash drives vs. smartcards per
se. I _think_ I understand those risks and trade-offs but if there is
something I'm missing then, of course, I'd like to know. Mainly, this is
a key organization question: what is the best way to organize my
identities so that I can access them as needed across my various
machines?

Thanks very much in advance.

-Chris
