Date: Fri, 17 Jun 2011 21:23:43 -0400 From: Robert Simmons <rsimmons0@gmail.com> To: freebsd-security@freebsd.org Subject: gpg keys on USB drive Message-ID: <201106172123.44466.rsimmons0@gmail.com>
next in thread | raw e-mail | index | archive | help
I have been reading up on keeping encryption secret keys on a USB thumb drive so that there is an "air gap" so to speak except when the drive is inserted in the machine and mounted. Is it possible to replace all the files in my home directory with symbolic links to the corresponding files in the USB drive? This seems easy, but how can I be sure in FreeBSD that the symlinks will always work when the drive is plugged in? I have noticed that the device is sometimes different depending on what other USB devices are plugged in and where they are plugged in. Also, other than the obvious drawback of needing to remember where the drive is, and plug it in, are there any drawbacks to keeping keysets such as for OpenSSH, geli providers, GnuPG, KWallet, and BitCoin on a USB drive? Lastly, using geli to create a passphrase based encrypted provider ON the USB drive before storing everything on there would increase its security, no?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201106172123.44466.rsimmons0>