From: Heinz Diehl <htd+ml@fritha.org>
To: linux-kernel@vger.kernel.org
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Gleb Natapov <gleb@kernel.org>,
Christoffer Dall <christoffer.dall@linaro.org>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Cornelia Huck <cornelia.huck@de.ibm.com>,
Marc Zyngier <marc.zyngier@arm.com>,
Alexander Graf <agraf@suse.de>, Avi Kivity <avi.kivity@gmail.com>,
stefano.stabellini@eu.citrix.com,
Laszlo Ersek <lersek@redhat.com>, KVM list <kvm@vger.kernel.org>,
konstantin@linuxfoundation.org
Subject: Re: new GPG key
Date: Sat, 18 Oct 2014 17:42:11 +0200 [thread overview]
Message-ID: <20141018154211.GA4426@fritha.org> (raw)
In-Reply-To: <432661354.65688167.1413642451475.JavaMail.zimbra@redhat.com>
On 18.10.2014, Paolo Bonzini wrote:
> 5) Get a smartcard or a Yubikey NEO and put the subkeys on it; replace
> subkeys with stubs on your usual working machines, especially laptops. It
> gives you two factor authentication for free, and can also be used for
> SSH if you add a third subkey.
AFAICS, a lot of the lkml people use the mutt MUA, which does not have
any password encryption natively. In this case, the smartcard
has another advantage: you can have your email password encrypted
and use it without having to enter a long and complicated passphrase.
In case your laptop gets stolen while travelling, the password to your
email is protected.
Here's what I did:
1. Generate a password file and assign the password to a variable.
touch .my-pw
echo "set my_pw_imap = \"your-long-and-random-password\"" > .my-pw
2. Encrypt this file to your own public key and shred the unencrypted textfile
3. Source the password file into .muttrc and set the imap password
variable by writing something like this into your .muttrc:
source "gpg2 -dq $HOME/.my-pw.asc |"
set imap_pass=$my_pw_imap
Now, if you start mutt and it connects to your IMAP server, you'll be
prompted for your smartcards PIN, and that's it. In case your
laptop gets stolen while you're travelling and you don't have access
to the net (because all the other things in your bag like your mobile
also got stolen), it will spare you the situation where the thief
already had logged into your email and changed your password when
you finally managed to connect to the net again.
Sorry for being OT, but I have encountered such a situation before and
it got me into serious trouble, so I dared to share this with you.
next prev parent reply other threads:[~2014-10-18 15:42 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-18 14:27 new GPG key Paolo Bonzini
2014-10-18 15:42 ` Heinz Diehl [this message]
2014-10-20 18:33 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141018154211.GA4426@fritha.org \
--to=htd+ml@fritha.org \
--cc=agraf@suse.de \
--cc=avi.kivity@gmail.com \
--cc=borntraeger@de.ibm.com \
--cc=christoffer.dall@linaro.org \
--cc=cornelia.huck@de.ibm.com \
--cc=gleb@kernel.org \
--cc=konstantin@linuxfoundation.org \
--cc=kvm@vger.kernel.org \
--cc=lersek@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=marc.zyngier@arm.com \
--cc=stefano.stabellini@eu.citrix.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox