daff Apprentice


Joined: 02 Jul 2003 Posts: 232 Location: Vienna, Austria
|
Posted: Fri Jan 06, 2006 11:38 pm Post subject: GPG keys and multiple computers (desktop and laptops) SOLVED |
|
|
I just read the Gentoo GnuPG user guide and created my public and private key pair. I set up gpg-agent and pinentry and everything works fine with evolution, mutt, Licq, Psi and the like. I have also added and signed several public keys from other people I know. No major problems there.
But that's all on my desktop PC. How would I go about using GPG on my laptop then? Do I just copy the ~/.gnupg directory from the desktop over to my laptop? It seems wrong to me to create another public/private key pair on my laptop. Wouldn't that be like having two (same) identities? And how about all the public keys I already added and signed? Would I have to add and sign them again? And how would I synchronize the signed keys between desktop and laptop?
Are there any guidelines to follow for situations like this? Any HOWTOs?
TIA! _________________ Instead of asking why a piece of software is using 1970s technology,
start asking why software is ignoring 30 years of accumulated wisdom.
Last edited by daff on Tue Jan 17, 2006 10:31 pm; edited 1 time in total |
egberts Guru


Joined: 04 Nov 2003 Posts: 359 Location: Dimmed Cathode Ray Tube
|
Posted: Sun Jan 08, 2006 7:52 am Post subject: HOWTO - GnuPG on multiple computers |
|
|
Couple of steps:
Two methods of transporting private keys on a token:
1. USB Drive - You will want to look into buying a USB Key Drive... to contain your private keys...
2. SmartDrive - http://www.gnupg.org/(en)/howtos/card-howto/en/smartcard-howto-single.html
I'll assume the USB Drive method hereafter.
To automount that USB drive, we'll need the usbmount package.
At this point, inserting your USB drive will create a new mount point called /media/usb0
Copy your user account's GnuPG keyfile to the USB Drive (don't move it yet, we gotta test this)
Code: | # cp -r ~/.gnupg /media/usb
or
# cp -r ~/.gnupg /media/usb0
|
To start using your user account's GnuPG directory, just point to the new GnuPG home directory, which is your USB drive path, whenever you start GnuPG.
Code: | # gpg --homedir /media/usb0/.gnupg |
This step can be problematic as one can forget to add the --homedir... I suggest you make yourself a nice lil' script to do this for you.. We'll call this new command: gp
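Code: | #!/bin/bash
# gp: the first argument is the GnuPG home directory (e.g. /media/usb0/.gnupg),
# everything after it is passed through to gpg unchanged
exec gpg --homedir "$@" |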
Since you'll probably have some machines at work... you'll need to learn how to use subkeys so that your primary private key isn't at risk. So check out this URL: http://fortytwo.ch/gpg/subkeys
Reference:
http://www.gentoo.org/doc/en/gnupg-user.xml _________________ Clusters of Fry's Special, AMD 2200, 2 GB DDR, 220 GB (2008.1/desktop, stage 1, -O3) x8
HP Compaq Fry's SPecial, AMD 2100, 2 GB DDR, 260 GB (2008.0/server, stage 1, -O3)
Ultra Sparc 5, 256MB, 3GB (2006.1/server, stage 1, -O3) |
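The subkey approach linked in the post above, as an added example that is not part of the original thread: only the secret subkeys are exported to the second machine, so the primary secret key never leaves the first one. It assumes GnuPG 2.2 or later; the identity, the throwaway home directories and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GnuPG 2.2 or later.
# The user ID below is constructed; the key is passphrase-less demo material only.
UID_DEMO='Demo User <demo@example.invalid>'

# Create a demo key in the "desktop" homedir: primary key plus encryption subkey.
make_demo_key() {   # $1 = desktop homedir
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$UID_DEMO" default default never
}

# Export only the secret subkeys and import them into the "laptop" homedir.
copy_subkeys() {    # $1 = desktop homedir, $2 = laptop homedir
    gpg --homedir "$1" --batch --pinentry-mode loopback --passphrase '' \
        --export-secret-subkeys "$UID_DEMO" |
    gpg --homedir "$2" --batch --quiet --import
}

# Print "stub" if the primary secret key is absent from the homedir, else "full".
# In --with-colons output, field 15 of a sec/ssb record is "#" for a stub.
primary_state() {   # $1 = homedir
    gpg --homedir "$1" --batch --list-secret-keys --with-colons |
    awk -F: '$1 == "sec" { print ($15 == "#" ? "stub" : "full"); exit }'
}

# Print "yes" if at least one secret subkey is actually present in the homedir.
has_secret_subkey() {   # $1 = homedir
    gpg --homedir "$1" --batch --list-secret-keys --with-colons |
    awk -F: '$1 == "ssb" && $15 != "#" { f = 1 } END { print (f ? "yes" : "no") }'
}

# Stop the agents started for the throwaway homedirs and delete them.
cleanup_homedirs() {
    for h in "$@"; do
        GNUPGHOME="$h" gpgconf --kill gpg-agent 2>/dev/null
        rm -rf "$h"
    done
}

# Run with --demo to see the difference between the two keyrings.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); l=$(mktemp -d)
    make_demo_key "$d" && copy_subkeys "$d" "$l"
    echo "desktop primary: $(primary_state "$d")"
    echo "laptop primary:  $(primary_state "$l"), subkey present: $(has_secret_subkey "$l")"
    cleanup_homedirs "$d" "$l"
fi
```

On the laptop keyring `gpg --list-secret-keys` marks the primary key as `sec#`, meaning decryption with the subkey works there while certifying other keys or creating new subkeys still requires the desktop copy.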
daff Apprentice


Joined: 02 Jul 2003 Posts: 232 Location: Vienna, Austria
|
Posted: Sun Jan 08, 2006 5:13 pm Post subject: |
|
|
Thanks for the reply and the detailed instructions!
I already found some information on this topic in the gnupg-users mailing list. Seems that when you trust your computers (i.e. nobody else has easy access) you can just keep copies of your ~/.gnupg directory on all of them. You just have to make sure that they are synchronised with each other. The idea with the USB stick also came up, with ~/.gnupg being a softlink to the .gnupg directory on the USB stick.
So there are a few methods one could use. I am glad, however, that my initial questions about the usage of GnuPG on different machines are now answered.
Thanks again! |
adsmith Veteran

Joined: 26 Sep 2004 Posts: 1386 Location: NC, USA
|
Posted: Tue Jan 17, 2006 9:22 pm Post subject: |
|
|
Question for you:
how did you get mutt to use gpg-agent? |
daff Apprentice


Joined: 02 Jul 2003 Posts: 232 Location: Vienna, Austria
|
Posted: Tue Jan 17, 2006 9:29 pm Post subject: |
|
|
I didn't, apparently. Mutt seems to ignore any agent and only caches passphrases for itself, for as long as the mutt session runs (or not as long). I use evolution as my main mail client, which is working fine with gpg-agent. |