Multiple email addresses - any alternative to ask everyone to sign all my keys?

Christopher J. Walters cwal989 at
Wed Jul 24 04:06:05 CEST 2013

On 7/23/2013 8:29 PM, Martin wrote:
> @Chris: That still leaves the problem of having to enter the passphrase for the
> key on the untrusted machine, which might have a keylogger, doesn't it?


It does, which is why I prefaced my suggestion with a warning against using an 
untrusted computer.  However, a keylogger alone, would not be enough to 
compromise a key on a Live USB drive.  That would give an attacker a passphrase 
without a secret key.  The attacker would need to find and copy the keyring 
files from the USB drive.

That could be defeated by using a Live CD/DVD of an arguably more secure 
kernel/OS, such as GNU/Linux or *BSD with the USB drive for storing the 
keyrings.  That way, so long as you trust the Live CD/DVD distribution, what is 
on the untrusted computer's HDD would not matter.


More information about the Gnupg-users mailing list