air gap private key?
Hubert Kario
hka at qbs.com.pl
Mon Feb 4 12:47:59 CET 2013
On Monday 04 of February 2013 07:26:48 refreshing at tormail.org wrote:
> I could air gap my private key. Put it on a machine with no network
> access. Then replying to mails becomes awful?
>
> This requires transferring incoming mail onto a usb device as text file
> and put it into the other machine. Write an answer, sign and put it back
> on usb an
> finally put it back on the machine with internet.
>
> More paranoids could say that the offline machine could get infected by
> the usb.
>
> To be more paranoid I could not put anything form the online machine to
> the offline machine. Answer without quoting and only store on usb. Never
> import to offline machine should be quite secure?
You need to airgap only your main key, the key used for signing can be stored
on your Internet-connected machine.
if it's compromised, you can just revoke it and issue another key for signing
e-mails
This way all the traffic from the offline machine can be one-way
Regards,
--
Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel. +48 (22) 646-61-51, 646-74-24
www.qbs.com.pl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2237 bytes
Desc: not available
URL: </pipermail/attachments/20130204/cdd84dbe/attachment-0001.bin>
More information about the Gnupg-users
mailing list