GPGkeys on usb

I found this blog post (which is unfortunately down atm) Matt Brown: New GPG Subkey / Offline for a few days

One of my Christmas presents was a brand spanking new USB key. For quite a while I’d been planning to put my SSH / GPG keys off onto something like this for some extra security.

I’ll write up the exact steps of how I achieved my setup in the sometime next week, but it was all fairly easy.

[snip]

All in all I’m quite liking the new setup, plug usb key in, password dialog pops up for SSH key, enter password, password dialog pops up for GPG signing key, enter password. I then h"

I'm quite interested in seeing what Matt has actually done later, but I've been considering using one of these to actually put the agent code into them.

The private key never leaves the usb device at all - although it is obviously must be saved in some portion of the device. But I would make the key write-only. I would probably also put a physical button on the device which has to pushed for the agent to run. This is to mitigate the weakness in agent-forwarding schemes where root on any machine in a forwading chain can communicate to the real agent or agent device. (This means a root user can masquearde as you. It works because root can always get r/w access to the agents commications channel). By forcing the button to pushed for each authenication attempt it makes more likely that attacks are at least visible to the user.

Unfortunately I understand there is a 'bug' the ssh-agent protocol and it can leak the private key. Which limits this.