[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20111003091430.GA13919@home.goodmis.org>
Date: Mon, 3 Oct 2011 05:14:30 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: Greg KH <greg@...ah.com>
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
"H. Peter Anvin" <hpa@...or.com>
Subject: Re: kernel.org status: establishing a PGP web of trust
On Sat, Oct 01, 2011 at 07:05:19AM -0700, Greg KH wrote:
>
> I would recommend a physical access device for your new gpg key that you
> create. I've heard good things about this USB device:
> http://www.crypto-stick.org/
> and am trying to have a bunch of them at the Kernel Summit this year to
> hand out to people if they want one.
Hmm, if I'm going to get one at KS, should I stop getting signed keys
now? A few of us have already started the GPG song and dance to get
signed keys over the phone (where we know each other enough to know
phone numbers and recognize voices).
But I did it all wrong. I have a 4k RSA key for both signing and
encrypting with no revoke generated and no expiration. The key is
currently on one of my machines, which I was about to move to an
encrypted usb device.
If I can get one of these devices, it sounds like I should create a new
key on it as my master key and start using subkeys as described in the
debian link that someone posted before. Then at the keysigning I would
just use the key from this device.
>
> There are also lots of other smart-card form-factor devices that can be
> used to store GPG keys. Some places to purchase these can be found at
> links from the above site.
I just pulled out an old GNU GPG card I had, and unfortunately it only
supports 1024 RSA keys.
-- Steve
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists