Date:      Tue, 13 Mar 2001 16:15:20 +0000
From:      Adam Laurie <adam@algroup.co.uk>
To:        Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc:        Terje Elde <terje@thinksec.no>, Daniel Hagan <dhagan@colltech.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: iButton Development
Message-ID:  <3AAE4798.C7C457E4@algroup.co.uk>
References:  <7857.984495569@critter>

Poul-Henning Kamp wrote:
> 
> My share in this is mostly the monitoring gadgets with the 1wire
> products, but given working software I would probably put my pgp
> key somewhere more safe as well.

the iblab test programs provide enough functionality to do this... a
very simple setup is:

create a new pgp private key for your laptop. use it to encrypt your
"real" pgp keyring/ssh keys/whatever and copy the resulting file to the
ibutton. you only EVER use the new keypair for this purpose. when you
need to use your real key, you copy it back off the ibutton, onto
ramdisk, decrypt it, use it, blow away your ramdisk (all nicely wrapped
in a shellscript of course)...

this way, you can take your laptop and your ibutton on the road with
you... if you lose the ibutton it doesn't matter because it's encrypted
with a one-time throw away key that only exists on your laptop, which
you immediately delete. if you lose your laptop, you've lost a key that
was only ever used to encrypt something on your ibutton which you now
overwrite with a new one.

this assumes, of course, that you've stored your "real" original keys
somewhere *really* safe... deep underground, blast doors, bullet proof
glass, etc. etc... you know the kind of thing....  :)

cheers,
Adam
--
Adam Laurie                   Tel: +44 (20) 8742 0755
A.L. Digital Ltd.             Fax: +44 (20) 8742 5995
Voysey House                  http://www.thebunker.net
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers
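
The copy-back, decrypt, use, wipe cycle described in the message, sketched as a shell wrapper. This is an added example, not part of the original message or of the iblab programs; `with_real_key`, `RAMDISK`, `IBUTTON_READ` and `DECRYPT` are hypothetical names, and the command that reads the file off the iButton is left to the caller because the message does not name one.

```shell
#!/bin/sh
# Added illustration (hypothetical names throughout).
# RAMDISK      memory-backed mount point (assumed to exist already)
# IBUTTON_READ command that writes the encrypted blob from the iButton to
#              stdout; the message names no tool, so the caller supplies it
# DECRYPT      reads ciphertext on stdin, writes plaintext on stdout; the
#              default uses the laptop-only transport key in the gpg keyring
: "${RAMDISK:=/mnt/ramdisk}"
: "${DECRYPT:=gpg --quiet --decrypt}"

# with_real_key CMD [ARGS...]
# Runs CMD with the path of the decrypted key file appended as its last
# argument, then removes every trace from the ramdisk, whatever CMD returned.
with_real_key() {
    [ -n "${IBUTTON_READ:-}" ] || { echo "IBUTTON_READ is not set" >&2; return 2; }
    [ -d "$RAMDISK" ] || { echo "$RAMDISK is not a directory" >&2; return 2; }
    (
        umask 077                                   # key files readable by owner only
        work=$(mktemp -d "$RAMDISK/key.XXXXXX") || exit 2
        trap 'rm -rf "$work"' EXIT                  # wipe on every exit path
        trap 'exit 130' HUP INT TERM                # signals go through the EXIT trap
        # 1. copy the encrypted blob off the iButton onto the ramdisk
        $IBUTTON_READ > "$work/blob.enc" || exit 3
        # 2. decrypt it with the laptop-only key; plaintext exists only on the ramdisk
        $DECRYPT < "$work/blob.enc" > "$work/real.key" || exit 4
        # 3. use it
        "$@" "$work/real.key"
    )
}

# Example call (the device-reading command is a placeholder):
#   IBUTTON_READ='<command that dumps the iButton file>' with_real_key ssh-add
```

A tmpfs-style ramdisk can be paged out to swap, so the plaintext stays off disk only if swap is disabled or encrypted.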
