0

Suppose I have a set of computers with variegate level of trust (for example):

  • I fully trust my own desktop pc at home
  • I trust a bit also my smartphone, but I know it could be stolen
  • I trust a bit also our "family laptop" where a login exists for me, one for my wife and one for each of my daughters
  • I don't trust so much the working laptop at office, since I've no control on the operating system

I have to use OTR chats and mail encryption/decriptions/signing on all these machines, but since I don't fully trust all of them, I don't want to store copies of my private key in them. I could use a smartcard but at office I can't plug it in and I cannot use it with the smartphone.

The simplest solution that I can think of, is to create a different key pair for each machine/account and share them to my buddies so that, if a machine is compromised all the others keys are still usable. However is is a pain for my buddies and complicate my chances to build a solid web of trust.

Is there any better alternative?

Giacomo Tesio
  • 371
  • 1
  • 2
  • 7
  • 2
    Are you already familiar with subkeys in PGP? – IQAndreas Dec 09 '14 at 15:49
  • Not at all. But I wasn't unable to understand if they are designed to solve this "multiple machines" problem. – Giacomo Tesio Dec 09 '14 at 15:51
  • 1
    Have a look at [What is a good general purpose GnuPG key setup?](http://security.stackexchange.com/q/31594/19837) and [How many GPG keys should I make?](http://security.stackexchange.com/q/29851/19837). – Jens Erat Dec 09 '14 at 16:24

0 Answers0