Securing your keychain and public keys
Hi,
I'm kind of new to GPG and had a question regarding Keychain access. I'm wondering if there's any way to encrypt or secure the public keys in my keychain; essentially, prevent the use of the keychain without a passphrase or encryption key.
Obviously in order to decrypt a message the passphrase for my secret key is required, but if someone were to boot my machine and fire up my keychain, they would see a complete list of the public keys I have imported. What are people's approaches for preventing this?
Cheers
Spork.
Support Staff 1 Posted by Luke Le on 14 Mar, 2012 11:27 PM
Hi Spork,
I'm not sure if your issue is in fact an issue. Public keys are supposed to be uploaded to a keyserver for easier distribution.
But if you really don't want to have them on your computer you could copy your .gnupg/pubring.gpg file to a thumb drive and create a symlink to it in your .gnupg folder.
That way if anyone got physical access to your computer, they still wouldn't have access to your public keys.
2 Posted by Spork on 14 Mar, 2012 11:30 PM
Yes, it's not exactly an "issue" per se, I realise it's an edge case. Was just wondering if anybody had any ideas for how one might go about it.
The USB drive is a good idea, thanks Luke.
Support Staff 3 Posted by Luke Le on 14 Mar, 2012 11:35 PM
You can also do the same with your secring.gpg or even the entire .gnupg folder.
We haven't tested this a lot, but let us know how it works for you, so we can add further support if it doesn't.
Closing this discussion for now.
Feel free to re-open or create a new discussion if you have any further questions :)
Luke Le closed this discussion on 14 Mar, 2012 11:37 PM.
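
The relocation described in replies 1 and 3, as an added shell example that is not part of the original thread or the project's own code. The function names `relocate_keyring` and `keyring_status` are hypothetical, and the GnuPG directory, file name and mount point are supplied by the caller.

```shell
#!/bin/sh
# Added example: move one keyring file (e.g. pubring.gpg or secring.gpg) to
# removable media and leave a symlink behind in the GnuPG directory.
# Function names are hypothetical; all paths are supplied by the caller.

# relocate_keyring <gnupg_dir> <file_name> <mount_dir>
relocate_keyring() {
    src="$1/$2"
    dst="$3/$2"

    if [ ! -d "$3" ]; then echo "mount point missing: $3" >&2; return 1; fi
    if [ -L "$src" ]; then echo "already a symlink: $src" >&2; return 2; fi
    if [ ! -f "$src" ]; then echo "no such keyring: $src" >&2; return 3; fi
    if [ -e "$dst" ]; then echo "refusing to overwrite: $dst" >&2; return 4; fi

    # Copy first, verify byte-for-byte, and only then remove the original,
    # so a failed or short write to the drive never loses the keyring.
    cp "$src" "$dst" || return 5
    chmod 600 "$dst" 2>/dev/null   # has no effect on FAT-formatted drives
    if ! cmp -s "$src" "$dst"; then rm -f "$dst"; return 6; fi

    # Plain rm does not overwrite the old blocks on the internal disk.
    rm -f "$src" && ln -s "$dst" "$src"
}

# keyring_status <gnupg_dir> <file_name>
# Prints: local (regular file), linked (symlink, drive present),
#         dangling (symlink, drive absent) or absent.
keyring_status() {
    p="$1/$2"
    if [ -L "$p" ]; then
        if [ -e "$p" ]; then echo linked; else echo dangling; fi
    elif [ -f "$p" ]; then
        echo local
    else
        echo absent
    fi
}

# Stand-alone use: script.sh <gnupg_dir> <file_name> <mount_dir>
if [ $# -eq 3 ]; then
    relocate_keyring "$@"
fi
```

While the drive is unplugged the symlink dangles, which is the state the thread relies on; `keyring_status` reports it as `dangling`.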