article about Air Gapped OpenPGP Key
Paul R. Ramer
free10pro at gmail.com
Sat Nov 23 04:09:14 CET 2013
adrelanos <adrelanos at riseup.net> wrote:
>When one uses a Live system for its air gapped OpenPGP key, one would
>have to constantly remember re-creating this that gpg.conf. (Gone after
>reboot.)
Not necessarily. You can plug in a USB drive with your custom gpg.conf file on it, for example. A more elegant solution would be to modify your Live CD (or whatever you use) to have a gpg.conf file in your gpg home directory. You can search the web on how to make a custom Live CD.
>> I'd like to call your attention to the "cert-digest-algo SHA256" line
>--
>> this means that your primary key will make stronger signatures on
>other
>> keys (e.g. your subkeys and other people's public keys). This is
>> probably a Good Thing.
>
>This is important. Can this be set without using gpg.conf?
You can run gpg by specifying this as an option on the command line, e.g. gpg --cert-digest-algo sha256. Any command line option that you can pass to gpg when you run it can be put into your gpg.conf file. But if your thinking is, "How can I have this set permanently without using gpg.conf?"--you can't. gpg.conf is the configuration file for gpg.
Cheers,
--Paul
--
PGP: 3DB6D884
More information about the Gnupg-users
mailing list