GnuPG (win32) on a USB stick

Sven Radde email at sven-radde.de
Mon Mar 3 07:00:54 CET 2008


Hi!

nunzky schrieb:
> However, GPG, when run, creates the keyrings and
> conf files on the HDD (documents and settings\appdata). Is it possible to
> avoid this behavior and have GnuPG write those files, say, in its own dir on
> my usb stick? How would I do this?
>   
Try using "--homedir U:\path\to\your\keyrings" as an option to every 
call to gpg, where U: is the drive letter of your USB stick.
> How secure is this? Are there any
> better ways to do it?
The OpenPGP smartcard might be an idea if you can get it to work on the 
computers where you want to use GnuPG. While this is better than relying 
on keyfiles with passphrases (which might easily be sniffed by a 
keylogger), it still is not 100% secure on a wholly untrustworthy system.
Another option would be to boot into a dedicated system from CD. Knoppix 
or the like. The risk here is a hardware keylogger. Furthermore, 
depending on the (W)LAN setup, you won't easily have network 
connectivity and, of course, it is inconvenient.

This is the general tradeoff: Security vs. convenience.

HTH, Sven



More information about the Gnupg-users mailing list