Splitting encryption/signing between two gpg processes?
Werner Koch
wk at gnupg.org
Wed Feb 22 17:44:45 CET 2012
On Wed, 22 Feb 2012 17:18, joanna at invisiblethingslab.com said:
> Unfortunately the above setup has the following drawback -- in order to
> encrypt messages to other people, and/or to verify other people's
> signatures, one would need to import all those people's keys into the
> 'keys' domain. This is something we would like to avoid, as it
Did you consider using GnuPG-2? You would run gpg-agent in your
trusted VM and gpg in the work VM. GnuPG-2 has been designed to
separate private key and public key operations. Currently gpg-agent and
gpg run on the same machine using a Unix domain socket for IPC. However,
there is nothing which prevents the use of another communication
channel. In fact, when I ported GnuPG-2 to WindowsCE I modified our
libassuan IPC library to allow TCP connections for easier testing.

The 2.0 branch implements this design only for GPGSM (S/MIME), but the
2.1 development version fully implements the design and keeps the
OpenPGP keys solely under the control of the gpg-agent. I have been using 2.1
for more than a year now.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
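The split Werner describes, reduced to a runnable toy, as an added example that is not part of the original post and is not GnuPG or libassuan code: an agent object that alone holds the private key listens on a Unix domain socket, and a key-less client sends it a message digest and gets back a signature, which it verifies with the public key only. The RSA key (tiny primes, insecure), the `SIGN`/`EXPORT_SECRET`/`BYE` commands and the `D ...`/`OK`/`ERR` reply lines are all constructed for this example and only loosely imitate the line-oriented style of the real agent protocol; the socket path `S.toy-agent` is likewise made up. The point it shows is the one the post makes: the private key never crosses the IPC channel, so the work-VM side can be given any number of public keys without ever holding a secret.

```python
import hashlib
import socket
import tempfile
import threading

# Constructed toy RSA key with tiny primes (insecure; it only avoids needing a
# crypto library). Only the agent object is ever handed the private exponent.
P, Q = 1000003, 1000033
N, E = P * Q, 65537
_PRIVATE_EXPONENT = pow(E, -1, (P - 1) * (Q - 1))   # Python >= 3.8

def digest(message):
    # SHA-256 truncated to 32 bits so the integer stays below the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest()[:4], "big")

def verify(message, signature):
    # Work-VM side: verification needs only the public pair (N, E).
    return pow(signature, E, N) == digest(message)

class ToyAgent:
    """Stand-in for gpg-agent in the trusted VM: owns the key, serves a socket."""
    def __init__(self, sock_path, private_exponent):
        self._d = private_exponent          # never written to the socket
        self.listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.listener.bind(sock_path)
        self.listener.listen(4)
        self.listener.settimeout(0.2)       # so the serve loop notices close()
        threading.Thread(target=self._serve, daemon=True).start()

    def _handle(self, line):
        cmd, _, arg = line.strip().partition(b" ")
        if cmd == b"SIGN":                  # the client sends a digest, never a key
            try:
                h = int(arg, 16)
                if not 0 <= h < N:
                    raise ValueError
            except ValueError:
                return b"ERR malformed or out-of-range digest\n"
            return b"D %x\nOK\n" % pow(h, self._d, N)
        if cmd == b"EXPORT_SECRET":         # the operation the design forbids
            return b"ERR private key never leaves the agent\n"
        return b"ERR unknown command\n"

    def _serve(self):
        while True:
            try:
                conn, _ = self.listener.accept()
            except socket.timeout:
                continue
            except OSError:                 # listener closed by close()
                return
            try:
                with conn, conn.makefile("rwb") as f:
                    for line in f:
                        if line.strip() == b"BYE":
                            f.write(b"OK closing\n"); f.flush()
                            break
                        f.write(self._handle(line)); f.flush()
            except OSError:
                pass                        # client went away mid-session

    def close(self):
        self.listener.close()

def ask(sock_path, command):
    """Client side: send one command, collect reply lines up to OK or ERR."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        with s.makefile("rwb") as f:
            f.write(command + b"\n"); f.flush()
            replies = []
            for line in f:
                replies.append(line.rstrip(b"\n"))
                if line.startswith((b"OK", b"ERR")):
                    break
            else:
                raise ConnectionError("agent closed the connection")
            f.write(b"BYE\n"); f.flush()
            f.readline()                    # agent's goodbye, then hang up
            return replies

def remote_sign(sock_path, message):
    replies = ask(sock_path, b"SIGN %x" % digest(message))
    if replies[-1] != b"OK" or not replies[0].startswith(b"D "):
        raise RuntimeError(b" ".join(replies).decode())
    return int(replies[0][2:], 16)

def run_demo(message):
    # Start an agent on a temporary socket, sign, verify, then try to export.
    with tempfile.TemporaryDirectory() as tmp:
        path = tmp + "/S.toy-agent"         # made-up socket name
        agent = ToyAgent(path, _PRIVATE_EXPONENT)
        try:
            sig = remote_sign(path, message)
            return {"verified": verify(message, sig),
                    "tampered_verified": verify(message + b"!", sig),
                    "export_refused": ask(path, b"EXPORT_SECRET")[0].startswith(b"ERR")}
        finally:
            agent.close()
```

Calling `run_demo(b"hello world")` starts the agent, obtains a signature over the digest, checks it with the public key, shows that a modified message fails, and shows the agent refusing to hand out the secret. Moving the two halves into separate VMs is then only a matter of what carries the socket: the client code does not change, which is exactly why the post suggests swapping the Unix domain socket for another channel.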