# GnuPG (win32) on a USB stick

Mon Mar 3 07:00:54 CET 2008

Hi!

nunzky schrieb:
> However, GPG, when run, creates the keyrings and
> conf files on the HDD (documents and settings\appdata). Is it possible to
> avoid this behavior and have GnuPG write those files, say, in its own dir on
> my usb stick? How would I do this?
>
Try using "--homedir U:\path\to\your\keyrings" as an option to every
call to gpg, where U: is the drive letter of your USB stick.
> How secure is this? Are there any
> better ways to do it?
The OpenPGP smartcard might be an idea if you can get it to work on the
computers where you want to use GnuPG. While this is better than relying
on keyfiles with passphrases (which might easily be sniffed by a
keylogger), it still is not 100% secure on a wholly untrustworthy system.
Another option would be to boot into a dedicated system from CD. Knoppix
or the like. The risk here is a hardware keylogger. Furthermore,
depending on the (W)LAN setup, you won't easily have network
connectivity and, of course, it is inconvenient.

This is the general tradeoff: Security vs. convenience.

HTH, Sven