gnupg clearsigning question

Mica Mijatovic blueness at
Thu Dec 28 22:14:31 CET 2006

Hash: SHA224

    Was Thu, 28 Dec 2006, at 10:14:53 -0500,
    when vedaal at wrote:

> (1) the simplest:
> just encrypt the keyfile, and decrypt it when necessary
> (the problem is that this calls attention to itself, by having an
> encrypted file present, and authorities can demand the key, or the
> session key, and recover the file)

Put it into a TrueCrypt container (it has no "head[er]" nor a "tail" --
which is a good strategy for a possible future GPGDisk by the way, no
matter who will make it) without extension, and you always may tell that
you can't recall the password. It happens indeed now and then, so that
it will not be suspicious much, and besides you may hint discretely that
probably you can't recall it due to the stress they have exposed you to
(whenever they frighten you, you forget a handful of passwords).

Simplest things work best.

Seriously. Acting insanity (or stupidness) in all this similar
environment makes nothing suspicious, and thus the mimicry result shows
as something quite natural and well composed in.

We always should remember and find a resort in the fact that software
has its (technical) limits, but the human mind (by default, at least) is
limitless (having thus "all possibilities" at disposal). So this is a
ground for an excellent and invincible strategy.

- --
~~~ For personal mail please use my address as it is *exactly* given
    in my "From" field, otherwise it will not reach me. ~~~
GPG keys/docs/software at:
Elevators smell different to midgets.


More information about the Gnupg-users mailing list