> The hack Adam Cripps mentioned to locate the secret key only on the
> device using the conf file seems simpler.

Agreed, if it's a real solution. I'm not sure I've ever tried that,
particularly, so I can't say. I just went directly for the "stop the
trigger" approach.

> Just out of curiosity...could the device be reformatted with mkfs?  If
> so, is there any good reason not to make it into a normal ext3 volume?

You can. Whether there's a good reason [not] to do so is relative, of

When I first got a USB keychain I tried reformatting to ext2, but
now I keep it as FAT32 so that I can use the same keyring on any of
my operating systems[1] and with very minimal runtimes[2]. If you're
happily using only systems that speak ext3, then there's probably no
particular reason not to use ext3 on the USB drive -- but for the little
value that it gains you to do so, I'm not sure it makes sense to emplace
that restriction if it's not already there. I haven't found that using
a filesystem more "natural" to the host OS makes usage any more or less

My USB drive has statically-linked gpg executables for several platforms
on it, and multiple keyrings. (That's where "somewhat more complicated"
comes in; there's a shell script driver that accumulates options and
backends and such.) One goal of this arrangement is that I can perform
certain tasks on marginally-trusted systems outside my governance. Using
a broadly-available filesystem helps assure that remains an option, so
that I can consider whether it's wise independently of whether it's
possible. :)

This is perhaps somewhat off-topic, but it explains where my value
system comes from.

[1] Mainly MacOS and a couple of BSDs; but also sundry experimental
    platforms, and Windows and Linux when I must.

[2] For example, booted from floppy or mini-CD.

