# Establishing a secure online identity with minimal keys

## sirlark

I have numerous computing devices: a laptop, a desktop, a netbook, a mobile phone, an office desktop and numerous accounts on various servers at the office and my university department (I work part time and study part time).

I know enough to set up public keys on all the various machines/accounts so that I can log in via ssh, but I was wondering whether it is possible, and whether it is wise, to use a single private key for ssh, signing email, encrypting email, encrypting files etc.

Practically I think I would need at least two keys, a passwordless one (for the purposes of passwordless ssh) and a password protected one (for signing email, decrypting email/files etc). I've also read that it is a bad idea to use the same key to both sign an email/document and encrypt it. 

What I ultimately want is to establish an online identity with as few keys as possible. Some key or set of keys that can be used to say 'this is me' to whatever might ask, be it authentication for ssh, decryption, encryption, electronic signature.

Is there a common method for doing this? Is there any documentation out there? If not, I would like to write the experience up and post a howto, I figure I can't be alone in wanting to do this.

----------

## sirlark

Part of the problem as I see it is getting various different programs/plugins/extensions to use the same key. For example, how do I get enigmail, off-the-record, and ssh to use the same key?

----------

## Hu

In most cases, it would be simpler to have a separate ssh key than to try to use a single key for everything.  If you want to have a password on the ssh key, you could still use an agent so that you can unlock it once per $time_period instead of unlocking it on every use.

----------
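One way to put Hu's suggestion into practice, as an added example that is not code from the thread: a small POSIX shell script that starts an agent if none is reachable and loads a passphrase-protected key with a bounded lifetime, so the passphrase is typed once per period instead of on every connection. The key path, the lifetime and the function names are assumptions.

```shell
#!/bin/sh
# Constructed example, not code from the thread. Keeps a passphrase-protected
# ssh key unlocked in ssh-agent for a bounded time, so the passphrase is typed
# once per period rather than on every connection.
# Assumptions: OpenSSH's ssh-agent/ssh-add/ssh-keygen are installed and the
# key lives at $KEY (hypothetical path; override via the environment).

KEY="${KEY:-$HOME/.ssh/id_ed25519}"   # assumed key path
LIFETIME="${LIFETIME:-8h}"            # how long the unlocked key stays loaded

# Convert "45", "45s", "30m", "8h" or "1d" to seconds. ssh-add -t accepts the
# suffixed form itself, but validating here gives a clear error for typos.
lifetime_seconds() {
    num="${1%[smhd]}"                 # strip one trailing unit letter, if any
    case "$num" in ''|*[!0-9]*) return 1 ;; esac
    case "$1" in
        *m) echo $(( num * 60 )) ;;
        *h) echo $(( num * 3600 )) ;;
        *d) echo $(( num * 86400 )) ;;
        *)  echo "$num" ;;            # bare number or trailing "s"
    esac
}

# ssh-add -l exits 2 when no agent is reachable; start one for this shell then.
ensure_agent() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 2 ]; then
        eval "$(ssh-agent -s)" >/dev/null
    fi
}

# True if the key's fingerprint is already among the agent's loaded identities.
key_loaded() {
    fp=$(ssh-keygen -lf "$1.pub" 2>/dev/null | awk '{print $2}')
    [ -n "$fp" ] || return 1          # no public key file: treat as not loaded
    ssh-add -l 2>/dev/null | grep -qF "$fp"
}

unlock_key() {
    secs=$(lifetime_seconds "$LIFETIME") || {
        echo "invalid LIFETIME: $LIFETIME" >&2; return 1; }
    ensure_agent
    if key_loaded "$KEY"; then
        echo "$KEY already loaded; nothing to do"
    else
        ssh-add -t "$secs" "$KEY"     # prompts for the passphrase once
    fi
}

# Source this file and run `unlock_key`; the agent forgets the key after $LIFETIME.
```

Because the identity expires from the agent on its own, a stolen agent socket or a forgotten terminal only exposes the unlocked key for the configured window, which is the trade-off Hu describes between a passwordless key and unlocking on every use.

----------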

## John R. Graham

There is a pair of security best practices that apply to both private and secret keys; they go like this:

- A key should be used for only a single purpose.
- A key should appear in the minimum number of places necessary to implement the required functionality.

There are simple practical reasons why this is so. So, although what you want to do may be more or less possible, it's ill-advised.

Then again, there's another security truism that states, "Security is inversely proportional to convenience."  You have to decide what the right amount of security is.

- John

----------

