Comments on: My GnuPG Locality Solution

By: gimi

gimi — Mon, 05 Oct 2009 13:50:51 +0000

On recent boxes “swapoff” wouldn’t hurt.

Nice Discussion.

By: Aaron

Aaron — Wed, 21 Feb 2007 05:19:25 +0000

imbrandon-

Hmmm. Good point. I overlooked that aspect. I’ll need to see what I can do to lock the swap down.

By: Aaron

Aaron — Wed, 21 Feb 2007 05:18:22 +0000

Fabian-

Yes. I do need my computer accessible for this to work. As you said, if it’s lost or just powered off, then it is no good to me. However, if it’s turned off, chances are that I have it with me, and I’ll have access to it anyway.

As far as the encrypted loopback, that is a solid solution that I need to look into. It is, however, just making the problem redundant.

By: imbrandon

imbrandon — Wed, 21 Feb 2007 01:46:41 +0000

Also rember in this situation that the computers you are using this on need to have ATLEASTE encrypted swap partitions/files because when you type your gpg-passphrase in to use your key if that memory is swapped out it is stored plaintext in the swaparea.

Just something to think about.

–
Brandon

By: Fabian Rodriguez

Fabian Rodriguez — Tue, 20 Feb 2007 23:40:05 +0000

This supposes you have a Linux workstation / environment, I must have misunderstood your first message.

The only slight problem I see with this method is that you need to have your computer to be able to sign/encrypt/verify anything, and most importantly, if you loose that computer there is absolutely no way (that I know of) to login again and get access to your keys, as you’re using SSH key-based auth.

I think for maximum portability and safety a bootable USB driver with a loopback encrypted FS is still safer (if lost, etc). A full binary-image backup of a 2GB key could be kept at your friends, etc.