
timo.lindfors at iki
Nov 17, 2009, 5:42 AM
sign emails on untrusted computer but keep key material on a separate computer?
Hi,

I'd like to use my MUA on a regular desktop computer that also runs web browsers and other potentially buggy software. I don't want to have my PGP keys on that computer. However, would it still be possible for the MUA to ask a separate computer to sign emails for me? (The separate computer has its own keyboard and display so that I can see what I am about to sign.)

gpg-agent listens on a unix socket. There's a patch to add unix socket forwarding support to openssh. However, the gpg-agent protocol only transmits the hash of the message to be signed. This is not enough; I have no way of knowing what I am actually signing.

1) Could the gpg-agent protocol be extended to support sending the complete message to be signed and not just its hash?

2) Is there already some existing protocol that I could use?
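The check that a hash-only request cannot support, as an added example that is not part of the original post and not GnuPG code: if the untrusted desktop sends the full message along with the digest it wants signed, the key-holding machine can recompute the OpenPGP v4 signature digest (RFC 4880, section 5.2.4), reject a mismatch, and only then display the text for approval. It assumes a binary-document signature, RSA with SHA-256, and a creation-time subpacket as the only hashed subpacket; `approve` and `confirm` are hypothetical names.

```python
import hashlib
import hmac
import struct

SIG_BINARY = 0x00    # signature type: binary document
PK_RSA = 1           # public-key algorithm id
HASH_SHA256 = 8      # hash algorithm id


def v4_signature_digest(message: bytes, created: int) -> bytes:
    """Digest an OpenPGP v4 signature is computed over (RFC 4880, 5.2.4)."""
    # Hashed subpacket area: one creation-time subpacket (len 5, type 2).
    subpackets = b"\x05\x02" + struct.pack(">I", created)
    hashed = (bytes([4, SIG_BINARY, PK_RSA, HASH_SHA256])
              + struct.pack(">H", len(subpackets)) + subpackets)
    # Six-octet trailer: version, 0xFF, length of the hashed packet fields.
    trailer = b"\x04\xff" + struct.pack(">I", len(hashed))
    return hashlib.sha256(message + hashed + trailer).digest()


def approve(message: bytes, created: int, requested: bytes, confirm) -> bool:
    """Run on the trusted machine before the private key is used.

    `requested` is the digest the untrusted host asks to have signed;
    `confirm` shows the message on the trusted display and returns the
    operator's decision (hypothetical callback).
    """
    expected = v4_signature_digest(message, created)
    if not hmac.compare_digest(expected, requested):
        return False            # digest does not belong to the shown text
    return bool(confirm(message))


if __name__ == "__main__":
    # Constructed sample values.
    shown = b"Lunch at noon?\r\n"
    other = b"I authorise the transfer.\r\n"
    ts = 1258436520
    always_yes = lambda m: True
    print(approve(shown, ts, v4_signature_digest(shown, ts), always_yes))
    print(approve(shown, ts, v4_signature_digest(other, ts), always_yes))
```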