Protecting private key on USB flash drive: how to?

vedaal at hush.com vedaal at hush.com
Fri May 9 17:04:20 CEST 2008


Faramir faramir.cl at gmail.com 
wrote on Fri May 9 14:21:41 CEST 2008 :

>I am going to carry gpg in my USB flash drive,
>... I will be carrying my private key with me
>... I'd like to know the suggested way to keep the key safe.


many people have different opinions on this,

fwiw,
here is what i do:

[1] make a true-crypt container just large enough to contain your 
secret keyring (minimum container volume is 19 kb)

[2] encrypt the truecrypt container using a keyfile rather than a 
passphrase

[3] for the keyfile,
(a) use any detached gnupg .sig file that you signed and are keeping 
on your flash drive (e.g. your truecrypt traveller program that you 
signed)
(b) armor the .sig file using the gnupg --enarmor command
(c) replace the "Comment" string with a good passphrase

use the resulting gnupg enarmored .asc file with your passphrase as 
the comment,
as your keyfile

[4] erase this keyfile after mounting the container

[5] reconstruct it whenever you need to

this has the advantage that your keyfile is not useably present on 
your usb,
but can be re-constructed by you at any time,

[6] when constructing your truecrypt container, create it without 
an extension

[7] when storing it, rename it with an .exe extension
(tends to keep people from clicking on it, or copying it ;-)) )

[8] before mounting the container,
rename it back to what it was, without the .exe extension

truecrypt can be run in Traveller mode without being installed on 
your computer

(i.e. you can intentionally not install it on your laptop,
and just run it from your usb,
and then remove the registry entries after each use, if you want to 
and like to devote extra time to these sorts of things ;-) )


vedaal

any ads or links below this message are added by hushmail without 
my endorsement or awareness of the nature of the link
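
Steps [3] to [5] above as shell functions, added here as an example and not part of the original post. The function names, the `KF_PASS` variable and the RAM-backed output directory are assumptions; `gpg` is expected on the PATH.

```shell
#!/bin/sh
# Added example for steps [3]-[5]; function names and KF_PASS are hypothetical.

# Step 3(b): armor the detached signature, armored text goes to stdout.
enarmor_sig() {
    gpg --output - --enarmor "$1"
}

# Step 3(c): put the passphrase in place of the first "Comment:" header text.
# The passphrase is handed to awk through the environment, so / & \ and
# spaces are copied literally (a sed replacement would mangle them).
# Exit status 3 means no Comment header was found and nothing was replaced.
set_comment() {
    KF_PASS="$1" awk '
        !seen && /^Comment: / { print "Comment: " ENVIRON["KF_PASS"]; seen = 1; next }
        { print }
        END { if (!seen) exit 3 }
    '
}

# Steps [3]-[5]: rebuild the keyfile in a directory of your choice.
# Assumption: outdir is RAM-backed (e.g. /dev/shm on Linux), so the file
# never lands on the flash drive; umask 077 keeps it owner-only.
build_keyfile() {   # usage: build_keyfile file.sig 'passphrase' outdir
    ( umask 077; enarmor_sig "$1" | set_comment "$2" > "$3/keyfile.asc" )
}

# Demo on constructed armored text (not a real signature), no gpg needed.
demo() {
    printf '%s\n' '-----BEGIN PGP ARMORED FILE-----' \
        'Comment: Use "gpg --dearmor" for unpacking' '' \
        'iEYEABECAAYFAkgkZmQACgkQ' '=AbCd' \
        '-----END PGP ARMORED FILE-----' | set_comment 'p/w&x\y z'
}
demo
```

The keyfile is only reproducible byte for byte if gpg emits the same armor headers each time; older releases also write a Version: line that changes on upgrade.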

More information about the Gnupg-users mailing list