
441 points ploggingdev | 2 comments
qrbLPHiKpiux No.15735260
Fun fact. The developer does not believe in using a password on her private keys.
trizinix No.15735272
If you have your keys on an air gapped computer with an encrypted hard-disk, I don't see the need to use an additional password on the private keys.
1. parenthephobia No.15735846
If you mean air-gapped literally, that seems unuseful.

Wouldn't you want the keys on the computer that's going to use them? And then, wouldn't you want to make it hard to copy the unencrypted private keys?

(I'm assuming we're talking about SSH keys.)

OTOH, it could be neat to run an ssh agent in a key-holding qube and forward that to whatever qubes need to use your SSH keys, using `ssh-add -c` so that key use must be confirmed in the key-holding qube.

2. goatsi No.15735969
Sounds exactly like split-GPG

https://www.qubes-os.org/doc/split-gpg/