[Discuss] Sharing gnupg keyring among computers

Chuck Anderson cra at WPI.EDU
Mon Sep 25 15:57:17 EDT 2017


On Mon, Sep 25, 2017 at 02:17:23PM -0400, Richard Pieri wrote:
> On 9/25/2017 9:30 AM, Chuck Anderson wrote:
> > You could use something like YubiKey to store GPG keys.
> 
> You can, but I'm not sure that USB anything is a good idea for GPG keys.
> If you trust the computer enough to unlock your keys on it then the fob
> isn't adding any security to the workflow, but it adds complexity and
> inconvenience. If you don't trust that computer then plugging writable
> storage into it is a very bad idea.

YubiKey isn't simply a writable USB mass storage device.  It is purpose-designed to store secrets securely.  They also make an NFC version.

It does add security, because it is a 2nd factor (something you have).  You can keep the keys separate from the laptop so if the laptop is stolen, they don't have your keys.

If you don't trust the computer you are typing into, then none of what we are discussing can help.
