For the past month, I’ve tried a new way to store my SSH and PGP keys that’s worked out well enough that it’s worth writing about…
I chose the Silicon Power J80 Flash Drive for a few reasons: it’s small, water-resistant, and the USB contacts are covered. I have reasonably high confidence that this thing will last for quite some time and stand up to some decently rough conditions.
I’m keeping the flash drive on my person at all times using the Pocket Band. This is a silicone bracelet with a small interior pocket that fits my flash drive beautifully. I’ve had no trouble wearing the band bouldering or weightlifting and only need to take it off to shower.
I used the format-udf project to format the USB drive with the UDF file system. This file system has native read/write support on Windows, OS X, and Linux. UDF’s most important feature is its Unix-style file permissions, as ssh-agent won’t load any keys that do not have permissions of 600.
Finally, I’ve included the ssh-fob script on the drive which starts up a shell environment with my ssh key loaded. Upon exiting the shell session, ssh-agent is terminated and my key is unloaded from memory.
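A sketch of how such a wrapper can work, added here as an example and not the ssh-fob script itself: it checks the key's mode before loading it, then runs a shell under a private ssh-agent that exits with the shell. The function names `key_perms_ok` and `fob_shell`, the file name `fob.sh`, and the key path are hypothetical.

```sh
#!/bin/sh
# Added illustration, not the ssh-fob script itself.
# key_perms_ok and fob_shell are hypothetical names.

# Succeed only if the file's mode is exactly 600 (owner read/write).
key_perms_ok() {
    # GNU stat uses -c, BSD/macOS stat uses -f; try both.
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || mode=""
    [ "$mode" = "600" ]
}

# Start a shell with the key loaded in a private ssh-agent.
fob_shell() {
    if ! key_perms_ok "$1"; then
        echo "refusing $1: mode is not 600 (does the file system keep permissions?)" >&2
        return 1
    fi
    # "ssh-agent COMMAND" runs COMMAND as a child of a fresh agent and the
    # agent exits when COMMAND terminates, which drops the key from memory.
    # ssh-add prompts for the passphrase, then the user's shell replaces sh.
    ssh-agent sh -c 'ssh-add "$1" && exec "${SHELL:-/bin/sh}"' fob "$1"
}

# Run only when a key path is given, e.g.: sh fob.sh /path/to/usb/id_key
if [ "$#" -gt 0 ]; then
    fob_shell "$1"
fi
```

Because the agent is the parent of the shell, there is no socket or agent process left behind once the session ends, even if the terminal is simply closed.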
This is far from perfect security, but it strikes a good balance between security, convenience, and accessibility for me. In the future I plan on looking into products like YubiKey, which will likely improve security and be a drop-in replacement for the J80.