air gap private key?

Hubert Kario hka at
Mon Feb 4 12:47:59 CET 2013

On Monday 04 of February 2013 07:26:48 refreshing at wrote:
> I could air gap my private key. Put it on a machine with no network
> access. Then replying to mails becomes awful?
> This requires transferring incoming mail onto a usb device as text file
> and put it into the other machine. Write an answer, sign and put it back
> on usb an
> finally put it back on the machine with internet.
> More paranoids could say that the offline machine could get infected by
> the usb.
> To be more paranoid I could not put anything form the online machine to
> the offline machine. Answer without quoting and only store on usb. Never
> import to offline machine should be quite secure?

You need to airgap only your main key, the key used for signing can be stored 
on your Internet-connected machine.

if it's compromised, you can just revoke it and issue another key for signing 

This way all the traffic from the offline machine can be one-way

Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel. +48 (22) 646-61-51, 646-74-24
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2237 bytes
Desc: not available
URL: </pipermail/attachments/20130204/cdd84dbe/attachment-0001.bin>

More information about the Gnupg-users mailing list