mobile GPG installation

Burns burns@runbox.com
Sun May 11 07:49:02 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> On Saturday 10 May 2003 00:49, Michael Nahrath wrote:
> > Is there a way to make a fully running GPG-installation on a USB
> > stick or some other removable medium? Simply plug in your stick and
> > use the GPG application and your own keyrings from it directly,
> > without any local installation or permanent changes required.
> >
> > Best of all was a FAT32 formatted medium that contains several
> > installations for different OSes, but (like it or not ...) Windows
> > was the most important platform.
> 
> You should have a look at Knoppix. It boots Linux on almost 
> any PC from CD without writing anything to the hard disks. So 
> it's pretty secure. If you don't trust the packagers of the 
> downloadable Knoppix cdimage then simply make your own one. 
> This is definitely as secure as it gets if you have to use a 
> PC which is not your own one. I would still put my secret 
> keyring on a small medium like a USB stick because then you 
> can even let your friends play around with your Knoppix 
> without risking that your secret keys are stolen and because 
> the data on a USB stick can be changed much more easily.
> 
> Regards,
> Ingo

If you can install GnuPG on a Windows machine, but you just don't
want to LEAVE your private keys there, this is one way to do it:

Change homedir (in the registry) to "A:\gpgsec" (trust file and
random seed file will be here from now on, along with your own
keypairs)

Leave the executables in "C:\GnuPG" (for example)

GnuPG lets you use multiple keyrings, like this in your gpg.conf
file:

no-default-keyring
keyring C:\gpgpub\pubring.gpg
secret-keyring C:\gpgpub\secring.gpg
keyring A:\gpgsec\pubring.gpg
secret-keyring A:\gpgsec\secring.gpg

In this case, C:\gpgpub\pubring.gpg holds your common public keys
(that take up a lot of room) and C:\gpgpub\secring.gpg is just an
empty file.

Your keypairs (public and private) would be on the 3-1/2" floppy in
A: that you take with you.

When you run gpg, the floppy has to be there, and you might have
to update the trust file (if others have access to gpg too) but I
think this works.

Somebody, let me know if I'm giving bad advice here.

Randy


-----BEGIN PGP SIGNATURE-----

iD8DBQE+veRdhNLaTSzsrh8RAhlaAKDH51GdLeCvQmVux8bOZanoFpcXGQCgmYIV
lD2f2SRE0MxF9cDI/L2K1X4=
=Bs0D
-----END PGP SIGNATURE-----
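
An added example, not part of the post above: a small Python check over the gpg.conf layout Randy describes, reporting any secret-keyring entry that resolves to a fixed drive unless that file is an empty placeholder. The function names, the set of removable drive letters and the `sizes` mapping (constructed here in place of real file-size lookups) are assumptions; a path without a drive letter is resolved against the home directory as a simplification.

```python
import re

# Constructed sample: the gpg.conf lines from the post above.
SAMPLE_CONF = r"""
no-default-keyring
keyring C:\gpgpub\pubring.gpg
secret-keyring C:\gpgpub\secring.gpg
keyring A:\gpgsec\pubring.gpg
secret-keyring A:\gpgsec\secring.gpg
"""

def parse_conf(text):
    """Return (option, argument) pairs, skipping blank lines and # comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        arg = parts[1].strip().strip('"') if len(parts) > 1 else ""
        entries.append((parts[0].lstrip("-").lower(), arg))
    return entries

def drive_of(path):
    """Upper-case drive letter of an absolute Windows path, else None."""
    m = re.match(r"([A-Za-z]):[\\/]", path)
    return m.group(1).upper() if m else None

def audit_secret_keyrings(conf_text, homedir, removable, sizes):
    """List secret-keyring files that sit on a fixed drive and are not empty.

    sizes maps lower-cased paths to byte counts (assumption: the caller
    collects these, e.g. with os.path.getsize, on the machine being checked).
    """
    findings = []
    for opt, arg in parse_conf(conf_text):
        if opt != "secret-keyring":
            continue
        # GnuPG resolves a bare file name against the home directory.
        path = arg if drive_of(arg) else homedir.rstrip("\\/") + "\\" + arg
        if drive_of(path) in removable:
            continue
        size = sizes.get(path.lower())
        if size == 0:
            continue  # empty placeholder, as in the post
        state = "size unknown" if size is None else f"{size} bytes"
        findings.append(f"{path} ({state})")
    return findings
```

GnuPG 2.1 and later ignore secret-keyring and keep secret keys in private-keys-v1.d under the home directory, so on those versions the location of the home directory itself is what to check.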