Matt's Musings

January 5, 2006

New GPG Subkey / Offline for a few days

Filed under: Life, Linux — matt @ 10:03 pm NZST

Happy new year :)

One of my Christmas presents was a brand spanking new USB key. For quite a while I’d been planning to put my SSH / GPG keys off onto something like this for some extra security.

I’ll write up the exact steps of how I achieved my setup sometime next week, but it was all fairly easy.

As part of the transition I followed Adrian von Bidder’s guide to multiple subkeys such that I now have a signing key (0x4054AB08) which I keep separately from the private key material of my primary key. My new key fingerprint is below:

pub 1024D/59B2D9A0 2005-02-03
Key fingerprint = 6583 A11F 1428 FCDD 65FC C7B5 E0CD 3CDC 59B2 D9A0
uid Matthew G L Brown (Default Key)
uid Matt Brown (Debian Packages)
uid Matt Brown (WLUG Key)
uid Matt Brown (CRCnet Key)
uid [jpeg image of size 4390]
uid Matt Brown (MediaLab Key)
sub 1024g/DF8A0504 2005-02-03
sub 1024D/4054AB08 2006-01-04 [expires: 2008-01-04]

I’ve uploaded the new key to the keyservers, or you can grab it from my key information page.

All in all I’m quite liking the new setup: plug USB key in, password dialog pops up for SSH key, enter password, password dialog pops up for GPG signing key, enter password. I then have both keys stored in the relevant agents, easily accessible for signing email / logging into machines. Meanwhile my GPG private key is sitting securely somewhere else. I plan to sign all outgoing email from now on.

Next step is to investigate libpam-ssh for local authentication so that I don’t have to type 3 passwords whenever I login.

Moving House
We’re moving house tomorrow. This means that my DSL connection will be down for a few days while Telecom and my ISP get everything sorted out. Hopefully it will go smoothly and I’ll be back online sometime mid next week.

3 Comments

  1. I’ll be waiting eagerly for the details of your setup.

    Comment by Marius Gedminas — January 5, 2006 @ 11:13 pm

  2. Looking forward to hearing about how you’ve done this :) At present – I have my keys on the machine and use ssh-askpass from .xclients at login.

    I do keep my keys on my usb key as the primary key – but it would be good to be able to use it directly from the key as you mention :)

    Comment by Chris — January 6, 2006 @ 7:53 am

  3. I’ve blogged on my idea about something similar here :- http://rgammans.blogspot.com/2006/01/gpgkeys-on-usb.html

    I’m looking forward to the details of your solution.

    Comment by Roger Gammans — January 15, 2006 @ 11:18 am
