
Moving all the keyfiles from the users directory to a secure (encrypted) container

TheFSM
2017-03-27
  • TheFSM

    TheFSM - 2017-03-27

    My install details:
    Windows 7 professional
    Enigmail version 1.9.6.1 (20161116-1713)
    Gpg4Win v2.3.3, gpg v2.0.30
    libgcrypt 1.6.6

    The keyfiles are saved in the "user" folder (what I call the "Windows black hole" - I despise that folder). I was surprised to learn that all the keys (private and public) are in this folder. If my laptop gets stolen (happened once before, btw) somebody would have access to all of my keys. That is bad... My goal is to move these keys to a secure encrypted container.

    I found some references somewhere on how to move the location of this folder and set the correct pointers, however that information is way outdated. Rather than bore you further with any more details, how is this done? Is this possible?

    thanks!

     
    • Rob

      Rob - 2017-03-28

      If my laptop gets
      stolen (happened once before, btw) somebody would have access to all of
      my keys.

      They'd have access to an encrypted copy of your keys, the exact same as
      if you stored them in an encrypted container. Private keys are never
      stored in plaintext. If you have a strong passphrase, then even if
      someone steals your laptop your keys are safe.

       
      • TheFSM

        TheFSM - 2017-04-28

        Yes, I understand the keys themselves are encrypted - and if they import that key set into Enigmail they would know my email address and all the email addresses of everyone I correspond with. When someone steals my computer I want them to gain no knowledge of such information (my Thunderbird profile is in an encrypted container).

        However, on the flip side your response was extremely inspirational - I initiated my conversion to Linux a year ahead of schedule. Only one more computer to convert. Windows will be sandboxed in a VM for the rare moments that I need it.

        thank you, Rob!!

        fwiw: I discovered that with Windows 7 Pro you can encrypt individual folders in the user's directory via a right-click. The encryption algorithm is weak, but it is better than nothing. Linux gives the option of encrypting the entire home directory with AES-256 during installation.

         
