Remote signing
Stuart A Yeates
stuart.yeates at computing-services.oxford.ac.uk
Tue Apr 20 09:55:10 CEST 2004
Dave Symonds wrote:
> I have a slightly unusual setup that I would like to use GnuPG in, and wanted
> to ask for some guidance. At my Uni we have a Sun machine that runs all the
> mail stuff, and where I mostly prefer to do all my mail reading/composing from.
> However, I don't want to entrust my GPG private key(s) to that system, and
> would prefer to keep them on my laptop (or a USB key). What my ideal setup
> would be is for my mailer (mutt) running on the mail server to call out to
> a little script that would connect securely (via ssh) to my laptop, on which
> would pop up a window showing the message and prompting for the passphrase to
> sign that message (encryption isn't so important at the moment). The signed
> message would be sent back, and then emailed out.
If the Sun is hacked, an attacker can (potentially) see every password
you type.
You almost certainly want two passwords, first for the ssh connection
and second for the gpg.
What I've seen other people do is use two keys one for home and one for
work/school. It seems to work pretty well, you can sign them with each
other and take both to keysegning parties.
cheers
stuart
--
Stuart Yeates stuart.yeates at computing-services.oxford.ac.uk
OSS Watch http://www.oss-watch.ac.uk/
Oxford Text Archive http://ota.ahds.ac.uk/
Humbul Humanities Hub http://www.humbul.ac.uk/
More information about the Gnupg-users
mailing list