[Gllug] Advice on using gpg

Jon Dye jon at pecorous.co.uk
Mon Mar 20 11:34:28 UTC 2006


I've attempted to use gpg to sign/encrypt my emails several times and I
always run into the same problem.  My email is stored on an IMAP server
at home and I read and send it from several computers using IMAP (over
SSL when remote) and SMTP.  If I'm at home I have access to my secret
gpg key and can sign and encrypt my emails.  If I'm at a remote computer
I don't have access to the key and therefore don't encrypt/sign emails.

I figure that if I'm not consistent with my signing then how are people
supposed to trust my emails.

I've thought about copying my secret key to the other computers
(especially the one at work) but I trust those computers less than my
home computer and don't want to have to revoke my home key if I consider
my remote copies of the key to be at risk.

What other options do I have?  What do other people do? Could I have a
second secret key with the same email address that I use only at work?
I could then sign one from the other and revoke the signatures if
anything bad happens.

I've also thought about putting the key on a USB pendrive that I carry
around but was worried what would happen if I lost my pendrive (which
I've done before).

JD
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list