Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Sharing gnupg keyring among computers



On Mon, Sep 25, 2017 at 02:17:23PM -0400, Richard Pieri wrote:
> On 9/25/2017 9:30 AM, Chuck Anderson wrote:
> > You could use something like YubiKey to store GPG keys.
> 
> You can, but I'm not sure that USB anything is a good idea for GPG keys.
> If you trust the computer enough to unlock your keys on it then the fob
> isn't adding any security to the workflow, but it adds complexity and
> inconvenience. If you don't trust that computer then plugging writable
> storage into it is a very bad idea.

YubiKey isn't simply a writable USB mass storage device.  It is purpose-designed to store secrets securely.  They also make a NFC version.

It does add security, because it is a 2nd factor (something you have).  You can keep the keys separate from the laptop so if the laptop is stolen, they don't have your keys.

If you don't trust the computer you are typing into, they none of what we are discussing can help.



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org