l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
August 5: Social gathering
Next Installfest:
TBD
Latest News:
Jul. 4: July, August and September: Security, Photography and Programming for Kids
Page last updated:
2005 Jan 23 22:36

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] PGP question: Multiple Machines
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] PGP question: Multiple Machines



on Wed, Jan 19, 2005 at 09:01:09AM -0800, Ken Bloom (kabloom@ucdavis.edu) wrote:
> On Wed, 19 Jan 2005 03:28:43 -0800
> "Karsten M. Self" <kmself@ix.netcom.com> wrote:
> 
> > on Tue, Jan 18, 2005 at 08:57:17AM -0800, Richard S. Crawford
> > (rscrawford@mossroot.com) wrote:
> > > I started playing with PGP over the weekend, and I'm having fun
> > > using KMail at home to sign my e-mail and encrypt documents and
> > > generally have a good time.
> > > 
> > > But since I use at least three different computers to access and
> > > send e-mail and documents -- my FC3 desktop, my WinXP/FC3 laptop,
> > > and my Win2K desktop at work -- how would I address the issue of
> > > signing e-mails when my secret key is only on one of those three
> > > machines? Would I use a different key?  I certainly don't feel
> > > comfortable copying the secret key from one computer to another,
> > > even over SSH, since that feels like defeating the purpose to me.
> > > 
> > > ...Or am I missing something fundamental about how all this works?
> > > 
> > > (Obviously, since this e-mail is sent via Squirrelmail from my
> > > desktop at work, it's not signed.)
> > 
> > My own preferred option is to have a remotely accessible shell account
> > with which I can access email and signing keys.  Not always possible,
> > and yes, this has its own disadvantages (do you trust the link between
> > yourself and the remote host for your passphrase?).
> > 
> > Another option is signing subkeys.
> > 
> > 
> > Note that this only works for _signing_ outbound email.  Reading
> > encrypted email requires you have the key the sending party used.  
> > 
> > However, you can generate subkeys of your own signature which _you_
> > can use to _send_ signed mail from various hosts.
> > 
> > More on this:
> > 
> >     http://fortytwo.ch/gpg/subkeys
> > 
> > ...or Google around.
> > 
> > Haven't used it myself.  Might make a neat talk topic ;-)
> 
> So that's why subkeys.pgp.net has that name -- because it's the set of
> all keyservers that can handle the (newer) subkey features of GPG.

Could be, not familiar with it.

But your raise a good point:  not all PKI solutions can deal with
subkeys, the references above specifically mention some PGP versions.


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    The support contract said RHEL 3.0 or better, so I installed Debian
    - Peter Samuelson

Attachment: signature.asc
Description: Digital signature

_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox


LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.