Recently I wrote a secret-sharing FUSE filesystem called secretfs. It is read-only and its purpose was purely to allow me to recombine the secret shares which comprise my SSH and GPG private keys.

I now use this filesystem in conjunction with a simple shell script that starts the FS when I log in to my desktop, so that my GPG and SSH keys are available whenever my USB key is present.

I created a 3-of-N share of my keys and then placed 2 on my USB key and 1 on each of my laptop, desktop and NAS.
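To make the 3-of-5 layout concrete, here is an added illustration of the underlying technique, Shamir secret sharing over GF(2^8) applied byte by byte to a key, split into five shares and distributed as the post describes. This is example code written for this page, not secretfs's own code, and it assumes nothing about how secretfs stores or reads its shares; the location names ("usb", "laptop", "desktop", "nas") and the 32-byte stand-in key are constructed for the example.

```python
"""Shamir secret sharing over GF(2^8), byte-wise: split a key into n shares
of which any k recombine it. Added example for this page; not secretfs code."""
from __future__ import annotations
import secrets

# GF(2^8) with the AES reduction polynomial x^8 + x^4 + x^3 + x + 1 (0x11b).
def gf_mul(a: int, b: int) -> int:
    """Multiply two field elements (0..255) by shift-and-reduce."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p

def gf_inv(a: int) -> int:
    """Multiplicative inverse: a^254 == a^-1 because a^255 == 1 in GF(2^8)."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result

def split_secret(secret: bytes, threshold: int, n_shares: int) -> list[tuple[int, bytes]]:
    """Return n_shares (x, y_bytes) pairs; any `threshold` of them recover `secret`.
    Every secret byte gets its own random polynomial of degree threshold-1 whose
    constant term is that byte, evaluated at x = 1..n_shares."""
    if not 1 < threshold <= n_shares <= 255:
        raise ValueError("need 1 < threshold <= n_shares <= 255")
    ys = [bytearray() for _ in range(n_shares)]
    for s in secret:
        # c0 = secret byte, c1..c_{k-1} fresh random coefficients per byte
        coeffs = [s] + list(secrets.token_bytes(threshold - 1))
        for x in range(1, n_shares + 1):
            y = 0
            for c in reversed(coeffs):  # Horner evaluation at x
                y = gf_mul(y, x) ^ c
            ys[x - 1].append(y)
    return [(x, bytes(ys[x - 1])) for x in range(1, n_shares + 1)]

def recombine(shares: list[tuple[int, bytes]]) -> bytes:
    """Lagrange-interpolate the shares at x = 0, byte by byte.
    With fewer than `threshold` shares this returns garbage rather than failing,
    and a corrupted share is not detected: check the result against something
    you trust, such as the key's public fingerprint."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    if len({len(y) for _, y in shares}) != 1:
        raise ValueError("shares have differing lengths")
    # Basis at x=0: l_j = prod_{m != j} x_m / (x_m - x_j); subtraction is XOR here.
    basis = []
    for j, xj in enumerate(xs):
        num, den = 1, 1
        for m, xm in enumerate(xs):
            if m != j:
                num = gf_mul(num, xm)
                den = gf_mul(den, xm ^ xj)
        basis.append(gf_mul(num, gf_inv(den)))
    out = bytearray()
    for i in range(len(shares[0][1])):
        acc = 0
        for (_, y), l in zip(shares, basis):
            acc ^= gf_mul(y[i], l)
        out.append(acc)
    return bytes(out)

def distribute_like_the_post(secret: bytes) -> dict[str, list[tuple[int, bytes]]]:
    """The post's layout, 3-of-5: two shares on the USB key, one on each machine.
    Location names are illustrative, not secretfs's naming."""
    s = split_secret(secret, threshold=3, n_shares=5)
    return {"usb": s[0:2], "laptop": [s[2]], "desktop": [s[3]], "nas": [s[4]]}

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed stand-in for a private key
    shares = distribute_like_the_post(key)
    assert recombine(shares["usb"] + shares["laptop"]) == key  # USB plugged into the laptop
    assert recombine(shares["usb"]) != key                     # USB alone holds only 2 of 3
    assert recombine(shares["laptop"] + shares["desktop"] + shares["nas"]) == key
    print("ok")
```

Two properties of this layout are worth noticing when running it. The USB key alone (two shares) reveals nothing about the key, and USB plus any single machine is enough, which is the intended use. But because the laptop, desktop and NAS each hold one share, those three shares together also meet the threshold, so whoever controls all three machines (or their backups) recovers the key without the USB stick. Shamir sharing also has no built-in integrity check: a damaged or swapped share yields a plausible-looking but wrong key, so a recombiner should compare the output against a known public key or fingerprint before using it.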

If anyone wants more specific details of how it works, let me know. Otherwise enjoy. (P.S. I ended up removing my SSH key’s passphrase so that once the USB key is present, the ssh key “just works” without having to bother with the ssh agent. Simples)
