On Tue, Feb 04, 2014 at 04:18:32PM -0800, Tom Perrine wrote:
> I know where I keep mine, but I'm not sure I've been paranoid enough
> the past few years :-)
>
> Where do you store your GPG keyring? Personal or business laptop? Home
> or other server? USB or other removable media? In the cloud?

I keep mine on my personal workstations. It doesn't go on something that I don't have physical access/control to. It doesn't go on something I don't own. That means not on an $employer owned device, since we don't use any email encryption or signing at all.

>
> And more importantly, how did you decide where to keep your keyring?

Convenience. At one time I thought about keeping it only on an encrypted USB stick, but then every time I needed to sign/encrypt something I would need that USB stick. One more thing to carry around and keep up with. Also, my email mostly lives on the server in my basement and is read with mutt, so my key needed to exist there.

I use a vim gnupg plugin to edit .asc files that are encrypted with my personal key. It's a handy way to encrypt text files. I actually have plans to use that feature more often in the future.

>
> At the moment, I keep my keyring on my laptop (with a backup
> elsewhere). The machine itself has whole disk encryption, and then
> there's the login password, and then keyring passphrase. All the
> passwords (phrases) are of a more than usual length and complexity. I
> think I've got a pretty good handle on this, but I know some folks who
> keep their keyrings on USB drives (often encrypted), and only plug
> them in when needed.
>
> So, anyone want to share? Am I paranoid enough, or too much?
>
> I'm still deciding on my threat model, so I haven't made a serious
> decision about how I'm going to do this in the future. At the moment,
> I'm going with what's easy enough, but I may want to change that soon.
>
> --tep

--
Matt Okeson-Harlow
http://technomage.net

_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
