You will be able to keep your public/private key pairs on a USB stick with a reasonable level of security.
Using this script, you will create a local ssh keystore, use it to decrypt your key, and delete it when you are done.
- OS X, Linux: fully supported
- Windows: some manual intervention required
- Format a USB stick with two partitions (or not) -- one for data ('DATA/'), the other for software ('SW/')
- Copy all versions of aescrypt to
SW/bin/
- Copy fob_init.sh to
SW/bin/
as well - Store keysets in
DATA/keys/{key_folder_name}
- Twist! The private key file was encrypted using
aescrypt -e {private key file}
- Our files are, in fact, called
key.id_rsa.aes
andkey.id_rsa.pub
{PATH}/SW/bin/fob_init.sh
ssh-env
lets you load local keys, provided they were previously encrypted.
Example usage:
ssh-env *.aes