by parenthephobia 3130 days ago
If you mean air-gapped literally, that seems unuseful.

Wouldn't you want the keys on the computer that's going to use them? And then, wouldn't you want to make it hard to copy the unencrypted private keys?

(I'm assuming we're talking about SSH keys.)

OTOH, it could be neat to run an ssh agent in a key-holding qube and forward that to whatever qubes need to use your SSH keys, using `ssh-add -c` so that key use must be confirmed in the key-holding qube.

1 comments

Sounds exactly like split-GPG

https://www.qubes-os.org/doc/split-gpg/