Protecting private key on USB flash drive: how to? (part 2)

Faramir faramir.cl at gmail.com
Tue May 13 11:53:30 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

reynt0 wrote:
> On Sat, 10 May 2008, Faramir wrote:
>  . . .
>> image file (and what would look more innocent than a folder with some
>> pretty girls in swimsuits? well, maybe pretty girls without swimsuits).
>  . . .
> 
> Photos of happy puppies and sad puppies?

  Well... probably the puppies would be more suspicious (lol)

  But now I am more interested in following the tutorial "Keeping
primary key safe" than in hiding the keyring... since that way I also
would be protected in the case some malevolent malware takes a copy of
the keyring while I am using it... I would just revoke the subkeys...
  I still need to know a few things... I can "play" with the keyring in
my USB flash drive as often as I need, but I would hate messing with my
desktop computer's keyring on a daily basis (actually, I don't think I
would be using the USB drive so often, it would be more a "just in case
I need to access the mail when I am not at home"). So I would like to
know if I need to keep a copy of the "disposable" subkeys in order to be
able to read the messages...

  I mean:

  Home computer
 - Primary Key (SC)
 - Subkey1 (s)
 - Subkey2 (e)

  USB keyring
 - #
 - Subkey3 (s)
 - Subkey4 (e)

  Now, if I suspect my USB keyring has become compromised, I would revoke
Subkeys 3 and 4, and generate Subkeys 5 and 6 to replace them, but...
would I still be able to read messages I received when I was using
subkeys 3 and 4? What happens with my public key each time I add a
subkey? Does it "grow"? Is it always exactly the same public key? Since
I am not so sure I know how subkeys are generated, I can't know those
things (and if it involves high level mathematics, probably I would not
understand it, either).

  Maybe the subject is preventing people from reading these messages,
since at least 1 person thought it had gone almost off-topic...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

-----END PGP SIGNATURE-----
