Mailing List Archive



Re: [tlug] Managing PGP keys on multiple machines



Hello,

On Mon, 19 May 2008 17:39:59 +0900
Curt Sampson <cjs@example.com> wrote:

> However, if you're toting around a laptop, you really ought to be
> using full disk encryption, or, as I do, encrypting the partitions on
> which you keep data.
> ...
> 
> You might also consider keeping your key on separate media (such as a
> USB flash drive) that you keep with you personally at all times, and
> just mounting it when you need it on your laptop or PC.

On Mon, 19 May 2008 18:22:56 +0900
"Gernot Hassenpflug" <aikishugyo@example.com> wrote:

> You can also cover the future a bit better if you make a retraction
> certificate at the time you create your key. Keep that certificate in
> a safe place. That allows you to at least invalidate the key for
> public use if you think it may be compromised (Yes, that won't protect
> your laptop files encrypted with it if the attacker does manage to get
> to them).

Good suggestions, thanks. But it all comes down to having the private
key in two places, and should it get away from me in either place then
I need to revoke it and generate a new key pair.

I keep thinking whether it would be better to have two separate key
pairs (one for each machine) and use them at the same time, but it
seems too inconvenient for others; i.e., which key to encrypt with when
sending me email?

I'll beef up my pass phrase and generate a revocation certificate; that
should cover me in case the sky falls.

Thanks again for your suggestions,
Mike

