gpg keys on USB drive



I have been reading up on keeping encryption secret keys on a USB thumb drive
so that there is an "air gap" so to speak except when the drive is inserted in
the machine and mounted.

Is it possible to replace all the files in my home directory with symbolic
links to the corresponding files in the USB drive? This seems easy, but how
can I be sure in FreeBSD that the symlinks will always work when the drive is
plugged in? I have noticed that the device is sometimes different depending on
what other USB devices are plugged in and where they are plugged in.

Also, other than the obvious drawback of needing to remember where the drive
is, and plug it in, are there any drawbacks to keeping keysets such as for
OpenSSH, geli providers, GnuPG, KWallet, and BitCoin on a USB drive?

Lastly, using geli to create a passphrase-based encrypted provider ON the USB
drive before storing everything on there would increase its security, no?
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"


