gpg keys on USB drive



I have been reading up on keeping encryption secret keys on a USB thumb drive
so that there is an "air gap" so to speak except when the drive is inserted in
the machine and mounted.

Is it possible to replace all the files in my home directory with symbolic
links to the corresponding files in the USB drive? This seems easy, but how
can I be sure in FreeBSD that the symlinks will always work when the drive is
plugged in? I have noticed that the device is sometimes different depending on
what other USB devices are plugged in and where they are plugged in.

Also, other than the obvious drawback of needing to remember where the drive
is, and plug it in, are there any drawbacks to keeping keysets such as for
OpenSSH, geli providers, GnuPG, KWallet, and BitCoin on a USB drive?

Lastly, using geli to create a passphrase based encrypted provider ON the USB
drive before storing everything on there would increase its security, no?
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"