Using PGP to encrypt files on my HD

irlforum

Hi guys,
I said I would write this post in this subforum as I imagine that people here would know more about this subject. I am actually using PGP on windows at the moment but am considering moving to linux in the future due to the danger or spyware, malware, keyloggers.

At the moment I am using gpg4win and am using Kleopatra as my GUI key mangement and tool for encrypting and unencrypting files.

The main reason for using this is I want to start managing personal information including various passwords for different things in a central location. I have created an open office spreadsheet to do this.

The problem is this - when I create my file obviously I have to save it onto my hard disk and when I unencrypt it temporarily to view it saves the file on the hard disk.

I'm abit paranoid that I may have trojans on my machine or the likes and that they could get my file at this stage.

When I am finished viewing the file I put it through an app called freeraser which overwrites the space on the HD with random data.

Overall I think I have an ok setup but I am wondering if there are ways I can make it more secure.

Also what are peoples opinions on using firefox to store passwords for different sites?

Just a thought:
You would think it would be an alright idea to have a mobile PGP device that is not connected to any network at all. Secure and then you have it with you all the time aswell.

ravydavygravy

I have any important passwords saved in a txt file on my USB key. Its encrypted with gpg, and the private key is on my work PC (the important passwords are generally for work stuff). When I need to look in the file, I just plug in the USB stick and type:

gpg -d /media/usbkey/pw.gpg

Type in my passphrase and the data is displayed on a screen. Its not stored in a temp file and its gone when I close my terminal.

BUT, theres very little in my file - mainly legacy passwords (in case I ever find a server that's using an old password - rare, but sometimes happens) and 1 or 2 really difficult passwords for internet facing servers (20+ chars...). The best password security is your head - I remember the 9-10 important passwords I need to use on a regular basis, by having decent mnenonics for them.

Dave

irlforum

I'd better get a USB key for the job. For my passwords I doubt anyone would ever been interested in going to the trouble of breaking a 2048bit key.

May be different for work if you were trying to keep track of company passwords though.

irlforum

Changed my mind on this - gonna get everything into my head and limit any sort of saved personal details on my machine. Need to look into the mnenonics thing.

blubloblu

There's software that's made for this purpose. Google 'password manager'

Firefox doesn't encrypt afaik.

GPG isn't great for encrypting files, it's geared better for communication. Truecrypt on windows works well. Scramdisk For Linux is compatible.

mehmeh12

blubloblu wrote: »

There's software that's made for this purpose. Google 'password manager'

Firefox doesn't encrypt afaik.

GPG isn't great for encrypting files, it's geared better for communication. Truecrypt on windows works well. Scramdisk For Linux is compatible.

I always thought GPG was for encrypting email messages only...

Truecrypt is multi os supported.Though is the default encryption AES 256 bit secure enough with just a long password-or should i being using keys as well?