Hi Folks-

I have two identities with corresponding key pairs, one for work-related needs and one for everything else. At the moment the keys for work live on my work machine and my everything else keys live on my laptop which I may or may not have access to at any given moment. The problem is sometimes I need my everything else identity at work and vice versa.

Work is Ubuntu and home is Debian if that makes a difference to anything. The Debian is Wheezy and the Ubuntu is 14.04. I'm using whichever gnupg is current in the repos NOT gnupg2 (sidebar issue: is there any pressing reason why I should switch to gnupg2?).

Both my work and home machines are secure enough: I _think_. The disks are encrypted and the security settings are mostly in the sane to somewhat-paranoid range. I suppose my laptop is vulnerable to theft while I'm in transit but in that state the disk encryption would be in effect.

I _think_ the best scheme would be to combine the two identities onto a single keyring and write that out to an easily transported flash memory device and point gnupg to the flash device to find whichever key is needed. I _think_ I'm reasonably comfortable maintaining the security of the portable flash device and would place backups of my key revocation on my home and work machines in order to quickly revoke the keys in the event of loss.

FWIW, my private keys have unreasonably long passphrases that I _think_ can withstand brute-forcing for a length of time sufficient for me to discover the loss of my flash device and issue a revocation and take steps to protect any files that may be vulnerable should the key become available in the wild.

I have nothing against using a smartcard assuming there is no problem with storing multiple 2048 keys, the card is reasonably inexpensive, and can be had without jumping through hoops to find a vendor.

If there is a really good reason why using a portable flash device is a bad idea, I'd like to know about it. I read a discussion in the archives about it and concluded that it will likely serve my needs fairly well. So this is not a question about portable flash drives vs. smartcards per se. I _think_ I understand those risks and trade-offs but if there is something I'm missing then, of course, I'd like to know.

Mainly, this is a key organization question: what is the best way to organize my identities so that I can access them as needed across my various machines?

Thanks very much in advance.

-Chris