Re: [Enigmail] Key management by users, and key use by Enigmail/GPGWin/etc.
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Hi Philip, > Does the recent news about vulnerability of usb devices to attacks such as > described in 'badusb' [http://srlabs.de/badusb/] mean that the usb reader > into which the gnupg smart card is inserted is also vulnerable to > exploits? Yes. ANY USB device. Personally, I don't use a USB based smart card reader ;-) > If not, what is the essential difference that would make a usb memory > stick compromisable but not the usb smart card reader ? No. The principle difference remains, even for USB based SmartCard readers: even if you hack the (USB based) SmartCard reader, you still are not able to get hold of the secret stored within your private key since this key is even generated in the card, it literally only exists within that card and is only accessible (in terms of being used to compute something) through the card OS commands. Olav - -- The Enigmail Project - OpenPGP Email Security For Mozilla Applications -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) Comment: Dies ist eine elektronische Signatur - http://www.enigmail.net/ iQGcBAEBAwAGBQJT45LpAAoJEKGX32tq4e9WET8L/Rxr5JtPbLdF6yhBZmRzJoTz bA/MfKyvK4Uccgq9BEu1Bce60T//SE0uQsLtaRo2qCNOLolUkVOl6630ujTLH+9s TAwFH8UShi3WP6dRgndE9GBS3w6rmygDK2DPkLpUMUBslTyCJtfvz92egR3cScVZ 0NTW2rHSf4pZxieK2KWXLAbq4+epnn7xbvTAFqbUVVQEuwk4BklcSoXYMXksihs9 RQfn1dnXviwLLxPh2S1GiYH/jsAYwjXaHA478tZgnLA/ThmrZm0yH3QpjChew/fu peC4vf2vHCVf64+NslAWLgdRTe42OgIdHEivTXYztYhhRgURx0h5khZ1uR8mB4V3 nbNEZoFJhY/4JuRIo3iJEQoIEJzFIPXayUaESQmFVhebETh12BIblXXCPakEu/B4 Q/nLbMHgEkUPysHOOv7XGetYIvonuu8puSmg9L9OFVQqHUIRAVyBZsyW5X+w0Vzq SFz1Z0xAD7QX4I3TAo0HZDscCN+iL9mLL8/AjhPExw== =Da2t -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Key management by users, and key use by Enigmail/GPGWin/etc.
Does the recent news about vulnerability of usb devices to attacks such as described in 'badusb' [*] mean that the usb reader into which the gnupg smart card is inserted is also vulnerable to exploits ? Sure. But the *kind* of exploits are different. If not, what is the essential difference that would make a usb memory stick compromisable but not the usb smart card reader ? Not only did I already answer this, but you included it in your email (as a quote). "Smart cards work by storing the key in a method where it cannot be read by the host computer. Once a key is moved to the smart card, it ceases to exist as anything other than a black box. Data can be sent to the smart card to be decrypted or signed, but the host computer has literally no access to the cryptographic key stored on the smart card. In a USB model, an attacker who can compromise your box can easily acquire your private key: wait for you to plug in the USB dongle and make a covert copy of your keyring. In a smartcard model, an attacker can't easily acquire your private key." ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Key management by users, and key use by Enigmail/GPGWin/etc.
On 06/08/14 16:24, Robert J. Hansen wrote: > >> I do not get your point here. My proposal is to operate the keyring >> from a USB stick. What is the difference with operating it from a >> smart card? > > Exactly what I said. USB is completely broken as far as security goes. > A USB device cannot be made secure. Thumb drives are malware vectors > par excellence, and with some of the recent attacks which work by > exploiting the firmware things get even nastier and harder to defend > against. If you're concerned about a remote attacker exploiting your > system from afar, you should also be concerned about a remote attacker > rooting your box and exploiting the hell out of your USB stack. > > Smart cards work by storing the key in a method where it cannot be read > by the host computer. Once a key is moved to the smart card, it ceases > to exist as anything other than a black box. Data can be sent to the > smart card to be decrypted or signed, but the host computer has > literally no access to the cryptographic key stored on the smart card. > > In a USB model, an attacker who can compromise your box can easily > acquire your private key: wait for you to plug in the USB dongle and > make a covert copy of your keyring. In a smartcard model, an attacker > can't easily acquire your private key. Does the recent news about vulnerability of usb devices to attacks such as described in 'badusb' [*] mean that the usb reader into which the gnupg smart card is inserted is also vulnerable to exploits ? If not, what is the essential difference that would make a usb memory stick compromisable but not the usb smart card reader ? [*] /srlabs.de/badusb/ 0x23543A63.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Key management by users, and key use by Enigmail/GPGWin/etc.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/06/14 10:24, Robert J. Hansen wrote: > Exactly what I said. USB is completely broken as far as security > goes. A USB device cannot be made secure. Thumb drives are malware > vectors par excellence, and with some of the recent attacks which > work by exploiting the firmware things get even nastier and harder > to defend against. If you're concerned about a remote attacker > exploiting your system from afar, you should also be concerned > about a remote attacker rooting your box and exploiting the hell > out of your USB stack. It should also be pointed out that if your system is secure, then storing your keyring on your computer is safe anyway; but if your computer has already been compromised, then storing your keyring on a USB stick, which must be mounted on your already-compromised computer to use it, is AT BEST no more secure than storing the keyring on the computer in the first place was. And it may be *worse*, because the compromised computer may use the USB stick as a vector to compromise other computers you have that were previously secure. - -- Phil Stracchino Babylon Communications ph...@caerllewys.net p...@co.ordinate.org Landline: 603.293.8485 -BEGIN PGP SIGNATURE- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlPicqkACgkQ0DfOju+hMkln5gCg+8zZods2Le69kR85aZ6dWNtZ sXwAoJGG8+UcJzeBnaZqYnfQTAegO2Du =Ql9U -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Key management by users, and key use by Enigmail/GPGWin/etc.
Clear explanation. Can we go the smartcard route already with GPG/Enigmail? Enigmail works well with smartcards. ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Key management by users, and key use by Enigmail/GPGWin/etc.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thanks Olav, Clear explanation. Can we go the smartcard route already with GPG/Enigmail? Thx Roland On 06/08/2014 16:12, Olav Seyfarth wrote: > Hi Roland, > > you no doubt have a need for email encryption. But remember: the chain is only > as strong as its weakest link. > > Robert stated that USB is not going to solve the issue since you cannot trust > it: https://srlabs.de/badusb/ > > > What is the difference with operating it from a smart card? > > The difference between a keyring stored on a USB device and a SmartCard is that > the SmartCard computes crucial operations itself and thus cannot easily be > tampered with. > > The main question ist whether you trust the computer where you plug in the USB > storage device and why this is more secure than storing it on the (encrypted?!) > harddrive. > > > If a smart card gets lost, it can be used by the finder if she knows the > > pincodes. > > Yes. If you employ a simple 4 digit PIN, that'll be a problem. However, OpenPGP > SmartCard PIN should be named Password or Passphrase since it accepts 6-32 char: > http://g10code.com/p-card.html > > The main difference is that you KNOW if your SmartCard is missing while you > would not know if a trojan copied it (and now brute forces your passphrase). > > Olav > > ___ > enigmail-users mailing list > enigmail-users@enigmail.net > To unsubscribe or make changes to your subscription click here: > https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net > > -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.21 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJT4kvGAAoJEK7sXi7Ydij1H1QH/3R6lrcAajwokKA9Zi1xSIef ZIi+vryUx4wfss+4V7Ybk3knDgI29OaH1NS+/X/xGXkSzwD49qlv4W8TQaNq/Zh4 bcPY8ARcoCfgzdc4XMUy760gFT/r4MwB1JEOcHj22kzVCaDUJ46Wgs54X4bq+ioj pOLxyLss9o101MSeG8ngmHtOY3O94+KdZVyafq9r1UvzBBUNuDpjlsXKEeTVfyKr iVmlUuxhJO6tXfQgku+BrgkqNAKA3VDXsk0ajvDb5hKSX/rgILnbLQLz4LeHtvas HR5JXsMwy8woEfjL+hHc+XcDfgRJmBuCf3HskG75R4d0v0Yy+wrZ/DfZ7U+1uB4= =/lNB -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Key management by users, and key use by Enigmail/GPGWin/etc.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Got it. Can we go the smartcard route already? Thx Roland On 06/08/2014 16:24, Robert J. Hansen wrote: >> patients and with colleagues, we are legal advisers, we are ..., we >> are who we are and we have secrets, and there are those who want to >> know those secrets. > > Yes. And we're also just normal people sharing barbecue recipes with > our friends. If you're in Texas, then I suppose a barbecue recipe is > considered a national security secret and worth killing to keep private. > In the rest of the country that's just seen as overkill. > > It's definitely true that certain industries and people are at high risk > for intrusions and looting. It's also definitely true that certain > industries and people are at low risk. Let's not go about saying that > *everyone* is at high risk, because not everyone is. > >> I do not get your point here. My proposal is to operate the keyring >> from a USB stick. What is the difference with operating it from a >> smart card? > > Exactly what I said. USB is completely broken as far as security goes. > A USB device cannot be made secure. Thumb drives are malware vectors > par excellence, and with some of the recent attacks which work by > exploiting the firmware things get even nastier and harder to defend > against. If you're concerned about a remote attacker exploiting your > system from afar, you should also be concerned about a remote attacker > rooting your box and exploiting the hell out of your USB stack. > > Smart cards work by storing the key in a method where it cannot be read > by the host computer. Once a key is moved to the smart card, it ceases > to exist as anything other than a black box. Data can be sent to the > smart card to be decrypted or signed, but the host computer has > literally no access to the cryptographic key stored on the smart card. > > In a USB model, an attacker who can compromise your box can easily > acquire your private key: wait for you to plug in the USB dongle and > make a covert copy of your keyring. In a smartcard model, an attacker > can't easily acquire your private key. > > ___ > enigmail-users mailing list > enigmail-users@enigmail.net > To unsubscribe or make changes to your subscription click here: > https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net > > -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.21 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJT4kt5AAoJEK7sXi7Ydij102AIAIItYJXz35XzDUzgbLtz67ZT 4zULH0WBE1HwXHI62u/FDcMV3zK37POYmhFfdoiAVtx8az6PBggmkJIhsO3ruDws hqswKqbl5TNdk2+kqiOMW9RJP1ZjU+gGPFigjk39xHb1KVYj+iG+xSVdQA/NJDVv vZPPRKvV5/fQ0UJuvDR/dfc/QGLd4hxg/yQDTGnKupkH0OQe2MRrgAMk1QnvAJZ4 gJ2BPLXQzrQtsILjrz60RaSQ4PtcYTVgWe80AD75ZrkDPGmxX2077oju10eA8xlB Kuf3d0eIHke3mtH1q2ICl1d4B/e97bKFPwzBMv/avhxXaxeyayHcLsTKaDh5T3k= =pWZa -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Key management by users, and key use by Enigmail/GPGWin/etc.
patients and with colleagues, we are legal advisers, we are ..., we are who we are and we have secrets, and there are those who want to know those secrets. Yes. And we're also just normal people sharing barbecue recipes with our friends. If you're in Texas, then I suppose a barbecue recipe is considered a national security secret and worth killing to keep private. In the rest of the country that's just seen as overkill. It's definitely true that certain industries and people are at high risk for intrusions and looting. It's also definitely true that certain industries and people are at low risk. Let's not go about saying that *everyone* is at high risk, because not everyone is. I do not get your point here. My proposal is to operate the keyring from a USB stick. What is the difference with operating it from a smart card? Exactly what I said. USB is completely broken as far as security goes. A USB device cannot be made secure. Thumb drives are malware vectors par excellence, and with some of the recent attacks which work by exploiting the firmware things get even nastier and harder to defend against. If you're concerned about a remote attacker exploiting your system from afar, you should also be concerned about a remote attacker rooting your box and exploiting the hell out of your USB stack. Smart cards work by storing the key in a method where it cannot be read by the host computer. Once a key is moved to the smart card, it ceases to exist as anything other than a black box. Data can be sent to the smart card to be decrypted or signed, but the host computer has literally no access to the cryptographic key stored on the smart card. In a USB model, an attacker who can compromise your box can easily acquire your private key: wait for you to plug in the USB dongle and make a covert copy of your keyring. In a smartcard model, an attacker can't easily acquire your private key. ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Key management by users, and key use by Enigmail/GPGWin/etc.
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Hi Roland, you no doubt have a need for email encryption. But remember: the chain is only as strong as its weakest link. Robert stated that USB is not going to solve the issue since you cannot trust it: https://srlabs.de/badusb/ > What is the difference with operating it from a smart card? The difference between a keyring stored on a USB device and a SmartCard is that the SmartCard computes crucial operations itself and thus cannot easily be tampered with. The main question ist whether you trust the computer where you plug in the USB storage device and why this is more secure than storing it on the (encrypted?!) harddrive. > If a smart card gets lost, it can be used by the finder if she knows the > pincodes. Yes. If you employ a simple 4 digit PIN, that'll be a problem. However, OpenPGP SmartCard PIN should be named Password or Passphrase since it accepts 6-32 char: http://g10code.com/p-card.html The main difference is that you KNOW if your SmartCard is missing while you would not know if a trojan copied it (and now brute forces your passphrase). Olav - -- The Enigmail Project - OpenPGP Email Security For Mozilla Applications -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) Comment: Dies ist eine elektronische Signatur - http://www.enigmail.net/ iQGcBAEBAwAGBQJT4jfTAAoJEKGX32tq4e9WJXQL/3lJh+RbM36Czv2CPvwMT4RR iloL2lrO5T0eBteTmxCOCTm+VhYgSDu1OOCUngSNn1wkIdJLyAIf1dnqpu0UGpIa qnoiAKpv29iXC8X5CiNVKq5/H1wC6J/FmVgsGoliFuRHh4cvglMiXjQ79ocTtIBf F2UwPobnR3+FsIHWBccpR7EIt+N6rO91DREPssDIFytYs0aa405uj5cFi64m7UZ+ P0MAd4j5CdEAR9Ol/ceKbP48+nmyynHczM90RVXrB4ov9+7HEpQxzf8vmEhF7jhn SzAxWcfr6wdIP+pVKWEUYRzlWla8vUohx9Eu8xOe8MHylGI0DNgz5zCctJ/btCTN 9s9M3VUd8YZsZGFsoa4cdgNECOZ0RI1IICs3fjPJ58rI90G0kZozlv2uPqogdb9B H43hDPzfG1cQ2vsS0mxluBCv2oZuhky+x57iGA+MYXxLOXciVerxsO6fhaYtL7wI GSmzM90BO1aUsfskzc6sMc4N4+1NSWMgkmiyIrzwjQ== =pHMh -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Key management by users, and key use by Enigmail/GPGWin/etc.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear Robert, >> Since we know that our computers are being hacked so often by >> persons and organisations that are curious about our >> communications... > Do we? That seems like rather a leap to me. ... If you're doing something high-risk then yes, > ... Yes we do. Encryption is not only for those who are doing something highly risky, but for all who have to protect secrecy for their own good or for their profession. We are technology developers who communicate with patent attorneys, we are patent attorneys who communicate with patent bureaus, we are medical practitioners who communicate with patients and with colleagues, we are legal advisers, we are ..., we are who we are and we have secrets, and there are those who want to know those secrets. >> Is it a good idea to store our private keys on a USB stick instead of >> having it permanently operational inside Enigmail or GPGWin etc.? > No. USB is inherently broken as far as security goes. If you want to > go this route, use a smartcard. I do not get your point here. My proposal is to operate the keyring from a USB stick. What is the difference with operating it from a smart card? If a smart card gets lost, it can be used by the finder if she knows the pincodes. Doesn't the same apply to a USB stick? Best regards, Roland On 06/08/2014 13:52, Robert J. Hansen wrote: > On 8/6/2014 6:44 AM, Roland Siemons wrote: >> Since we know that our computers are being hacked so often by >> persons and organisations that are curious about our >> communications... > > Do we? That seems like rather a leap to me. There are a couple of > *billion* home computers on the internet right now: even if you assume > tens of thousands of high-end attackers who want to compromise your > communications, it seems unlikely that they would be able to target a > significant fraction of those couple of billion. > > If you're doing something high-risk then yes, you should definitely be > extremely concerned about someone compromising your system in order to > read your email traffic. But otherwise, the people compromising your > system are generally more interested in sending spam than reading your > email. > > By all means, use OpenPGP to secure your email traffic. I think it's a > good idea. But let's try and keep our paranoia connected to reality, > okay? :) > >> a good idea to store our private keys on a USB stick instead of >> having it permanently operational inside Enigmail or GPGWin etc.? > > No. USB is inherently broken as far as security goes. If you want to > go this route, use a smartcard. > > > > ___ > enigmail-users mailing list > enigmail-users@enigmail.net > To unsubscribe or make changes to your subscription click here: > https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.21 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJT4i4rAAoJEK7sXi7Ydij1xOAIAIJnkayIPftn3t/lnKgn3fU9 ov30KNCa5+wc6qQZSCsEWwUXFjU6C4u5pwrjYOWD0agtsbl9WSO6R847TzOoRFeK DfBOxbOkeMe4cBOKpoEEF+z3EZZFvyxWlCi6qtLYWZQAZpsK3pOW0oJ4JjRHh8vJ D4n54GiVyqdE+77HE5LiYI4oyAVEqqTeLwwJxUa7g9SwqgXBqvjOtKBS13i73CYs PrUDC2AnDSuRHOlpYd+QlFbBDIuc1c+UsFbPzSKdep9o2GrfvzpYRaGcR4ILdN7u 73SCNLcWPRO8HtzMgZ9ug5oezVJPG56qsqsUe+nJAn5MfMzq0TK0+e3l0VuCY1Y= =99zU -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Key management by users, and key use by Enigmail/GPGWin/etc.
On 8/6/2014 6:44 AM, Roland Siemons wrote: > Since we know that our computers are being hacked so often by > persons and organisations that are curious about our > communications... Do we? That seems like rather a leap to me. There are a couple of *billion* home computers on the internet right now: even if you assume tens of thousands of high-end attackers who want to compromise your communications, it seems unlikely that they would be able to target a significant fraction of those couple of billion. If you're doing something high-risk then yes, you should definitely be extremely concerned about someone compromising your system in order to read your email traffic. But otherwise, the people compromising your system are generally more interested in sending spam than reading your email. By all means, use OpenPGP to secure your email traffic. I think it's a good idea. But let's try and keep our paranoia connected to reality, okay? :) > a good idea to store our private keys on a USB stick instead of > having it permanently operational inside Enigmail or GPGWin etc.? No. USB is inherently broken as far as security goes. If you want to go this route, use a smartcard. smime.p7s Description: S/MIME Cryptographic Signature ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
[Enigmail] Key management by users, and key use by Enigmail/GPGWin/etc.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Resent, due to signature problem Dear Forum, Since we know that our computers are being hacked so often by persons and organisations that are curious about our communications, would it be a good idea to store our private keys on a USB stick instead of having it permanently operational inside Enigmail or GPGWin etc.? And implement those programmes as necessarily requiring the external USB sticked keyring (otherwise no decryption)? Is it already possible to implement the said software in such manner? Best regards, Roland -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.21 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJT4gcHAAoJEK7sXi7Ydij1UkYH/jYnCNAgnR4UqU9RGROt18V0 RFU3i/eXlxsexszZyF40MvmkqqviR7VpCgv5nkXjQRsnj9mt59OOBtb37dTgqs7d jP3705KILTTIqOVFD2K9YEzdFMQF1j+zrz82i2vpn1v96ljUcFQEP/BPll8fNtGx 7UnvFCQqZJPq6xnQbyNqT1gFLfYix7croPfRSR8VRaF++I1JLsUs9cTIjWGHvbHg aMTWaixyR3rLPAZClGt//x3OF6h1SrIfbp/Bz/Hxp0/3kLHTV47HKwo4BaU0oybd OAX4gCwrPQiixP43MWpu2eCN82CoCMAsM3zpbx4HCot7TxjOgCZYo2EBJUNJXnk= =+Zi4 -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
[Enigmail] Key management by users, and key use by Enigmail/GPGWin/etc.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear Forum, Since we know that our computers are being hacked so often by persons and organisations that are curious about our communications, would it be a good idea to store our private keys on a USB stick instead of having it permanently operational inside Enigmail or GPGWin etc.? And implement those programmes as necessarily requiring the external USB sticked keyring (otherwise no decryption)? Is it already possible to implement the said software in such manner? Best regards, Roland -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.21 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJT4gRnAAoJEK7sXi7Ydij1KCEIALMcySGcp5MrvdWEj6ZNY/sh l1gsJEu8wxQbPvcCj2Hl3yYR0kPDlnZ7LHjF/Fh2r/OTsLnL2BmYPjJNzCybLNz6 M3r7/5OiAfzMPt0+/ttjwR86affPTtlz2xWwuLApWtip63n+4Gexg1utBzVrPKpw nSpnGlY3Qh9J7erNUC5LAD1+uuCKkBU1dtlQY/lvodtU3lToRxTrY6LvMMDt7KJL C6Pw6BUGMjqg0YLDAiC6Ic36xVqI0AYCJl0ouCnyRSVGnjVbjbrEvhT0vdYqYcKR pFwEKXTs3feoHw/Glr0WQ6GsQIZ2Xokt10XH4JbzBkq56W5gy2KPDFsHrzghCv0= =0iYB -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net