[lug] GPG on two systems

Ken Weinert kenw at ihs.com
Mon Oct 16 12:13:28 MDT 2000


Just a quick thought - can you put the keys on a floppy and mount
it/access it appropriately?

Advantage: security, as you always have your key with you
Disadvantage: security, as you may lose/forget it when going back and
forth between the two locations. And losing it means that you are
completely at the mercy of the person who finds it.

* Michael J. Pedersen (marvin at keepthetouch.org) [001016 18:09]:
> On Mon, Oct 16, 2000 at 11:46:27AM -0600, Kyle Moore wrote:
> > I've been looking at pgp at home and it works like a champ with mutt. So
> > I want to start using it at work too. Should I just copy the whole
> > directory over that contains my secret and public keys? I would assume I
> > shouldn't generate new keys on my work box. Any guidance on using gpg on
> > two different computers would be appreciated.
> 
> Well, there's going to be two possibilities, each with their own
> (dis)advantages.
> 
> Copy everything to work. This leaves you open to sniffing by your workplace.
> If you trust your workplace not to invade your PC for any reason, then this is
> a good option. It lets people use the same key for different purposes. Keep in
> mind, though, that some employers will scour your machine after you leave, to
> see if you were doing anything. And they might not give you the chance to
> clean it, leaving your keys vulnerable. Advantage, though: People only need
> one key to check if it really is you.
> 
> Make new work keys, and do a cross-signing (ie: sign work key with home key,
> home key with work key). Guarantees you the safety that copying to work does
> not. Disadvantage: People need both keys, or need to be able to trust you
> completely to act as introducer for your other key. Either, way, it's slightly
> more difficult for them.
> 
> The end result? You have to decide which is worth more to you: Security for
> your keys, or convenience for your keys. As you are looking at encryption and
> signing in any fashion, you should most likely choose security.
> 

-- 
Ken Weinert   kenw at ihs.com 303-858-6956 (V) 303-705-4258 (F)
GnuPG KeyID: 9274F1CE           GnuPG available at http://www.gnupg.org/
GnuPG Key Fingerprint: 1D87 3720 BB77 4489 A928  79D6 F8EC DD76 9274 F1CE
"It's a horrible thing to watch, almost like watching an infant
tottering toward a porcupine." -- Kyle Jones on MIS people writing C

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20001016/b219dac5/attachment.pgp>


More information about the LUG mailing list