LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 12-06-2010, 07:15 AM   #1
hakermania
LQ Newbie
 
Registered: Dec 2010
Posts: 4

Rep: Reputation: 0
Question Have my GPG key in another PC?


I want to use my GPG key in order to sign some files in an other PC. I know my passwd of course. How can I do this? Just copy the folder .gnupg to the other machine?
 
Old 12-06-2010, 07:21 AM   #2
andrewthomas
Senior Member
 
Registered: May 2010
Location: Chicago Metro
Distribution: Arch, Gentoo, Slackware
Posts: 1,690

Rep: Reputation: 307Reputation: 307Reputation: 307Reputation: 307
You really just need the secring.gpg file. Just import that file and then set the trust level.
 
1 members found this post helpful.
Old 12-06-2010, 08:11 AM   #3
hakermania
LQ Newbie
 
Registered: Dec 2010
Posts: 4

Original Poster
Rep: Reputation: 0
Question

how do I set the trust level? what's this?
 
Old 12-06-2010, 08:33 AM   #4
andrewthomas
Senior Member
 
Registered: May 2010
Location: Chicago Metro
Distribution: Arch, Gentoo, Slackware
Posts: 1,690

Rep: Reputation: 307Reputation: 307Reputation: 307Reputation: 307
Go to System > Preferences > Passwords and Encryption Keys
Select the My Personal Keys tab, select File > Import and import your secret key.
Then right click on the imported key, and select Properties > Details tab. In actions, select Override owner trust and set to Ultimate.
 
Old 12-06-2010, 09:08 AM   #5
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
If you aren't comfortable leaving your keys on that computer, another option would be to put them on a USB stick. I do this for use at work, where I don't want to leave a copy of my keys. I keep these in an encrypted volume on the memory stick to add an extra layer of protection. The distribution tag says that you are using Ubuntu. The Ubuntu wiki pages have a couple of really good how-to documents that describe the procedure, step by step.
 
1 members found this post helpful.
Old 12-06-2010, 01:30 PM   #6
hakermania
LQ Newbie
 
Registered: Dec 2010
Posts: 4

Original Poster
Rep: Reputation: 0
Question

Quote:
Originally Posted by andrewthomas View Post
Go to System > Preferences > Passwords and Encryption Keys
Select the My Personal Keys tab, select File > Import and import your secret key.
Then right click on the imported key, and select Properties > Details tab. In actions, select Override owner trust and set to Ultimate.
Why to do this? I have a GPG in my current PC but i don't have set a trust level. Is this the reason why it is constantly asking for password when it is to sign the files with my signature?

Quote:
Originally Posted by Noway2 View Post
If you aren't comfortable leaving your keys on that computer, another option would be to put them on a USB stick. I do this for use at work, where I don't want to leave a copy of my keys. I keep these in an encrypted volume on the memory stick to add an extra layer of protection. The distribution tag says that you are using Ubuntu. The Ubuntu wiki pages have a couple of really good how-to documents that describe the procedure, step by step.
Why not to leave a copy of your keys? You need a password in order to sign with a GPG signature a file.
 
Old 12-06-2010, 04:37 PM   #7
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
You are correct, that the password is stored recursively in the key itself and it is needed to obtain useful information with the key. Given time, though, passwords can be cracked. By denying them access to the key, they can't try to brute force the password. Anybody with access to the machine can tell that you have private keys stored on the machine. By putting the keys in an encrypted volume, anyone who gets the USB stick does not know what is in the volume, unless they first crack that layer, given them another hoop to jump through in order to obtain they keys.

Once where I worked, I had a partial compromise by a coworker. I experimented with encrypting my home directory, purely for experimental purposes. Against my better judgment, I permitted the few users of the system to have sudo privilege reasoning that we all worked together and shared the system for common goals. Apparently one of them became curious about my encrypted folder and changed my password, presumably to then gain access. Fortunately, I did not put my private keys on that computer, but I had them on another machine. It was at that point, I decided to put them on a USB stick so that I could use them when I wanted to and then take them with me.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
GPG: Bad session key gpg between gpg on linux and gpg gui on windows XP konqi Linux - Software 1 07-21-2009 10:37 AM
Revoking GPG key with only passphrase and public key djib Linux - Security 2 03-13-2007 04:20 AM
can see gpg key in apt-key, still can't update Dan63043 Ubuntu 2 09-25-2006 12:35 PM
GPG Key Cottsay Linux - Software 3 09-05-2006 03:01 AM
GPG Data, Secret Key but no Public Key? Aeiri Linux - Software 5 07-20-2004 07:00 PM


All times are GMT -5. The time now is 08:59 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration