>When one uses a Live system for its air gapped OpenPGP key, one would
>have to constantly remember re-creating this that gpg.conf. (Gone after

Not necessarily.  You can plug in a USB drive with your custom gpg.conf file on it, for example.  A more elegant solution would be to modify your Live CD (or whatever you use) to have a gpg.conf file in your gpg home directory.  You can search the web on how to make a custom Live CD.

>> I'd like to call your attention to the "cert-digest-algo SHA256" line
>> this means that your primary key will make stronger signatures on
>> keys (e.g. your subkeys and other people's public keys). This is
>> probably a Good Thing.
>This is important. Can this be set without using gpg.conf?

You can run gpg by specifying this as an option on the command line, e.g. gpg --cert-digest-algo sha256.  Any command line option that you can pass to gpg when you run it can be put into your gpg.conf file.  But if your thinking is, "How can I have this set permanently without using gpg.conf?"--you can't.  gpg.conf is the configuration file for gpg.
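
Added example, not part of the original message: one way to restore a gpg.conf carried on removable media into the GnuPG home of a freshly booted live system, refusing to install it unless it sets cert-digest-algo to a SHA-2 digest. The function names, the paths in the usage comment and the allow-list of digests are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names; not taken from GnuPG itself).

# Print, lower-cased, the value of every active cert-digest-algo line in a
# gpg.conf. Lines whose first field starts with '#' never match.
cert_digest_values() {
    awk '$1 == "cert-digest-algo" { print tolower($2) }' "$1"
}

# Succeed only if the file sets cert-digest-algo at least once and every
# setting is on the allow-list (a policy choice assumed for this example).
conf_is_strong() {
    values=$(cert_digest_values "$1")
    [ -n "$values" ] || return 1
    for v in $values; do
        case "$v" in
            sha256|sha384|sha512) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Install the carried config into a private GnuPG home.
#   $1 = gpg.conf on the removable drive, $2 = GnuPG home directory to use
# Returns 1 if the config is too weak, 2 on I/O problems.
install_conf() {
    src=$1
    home=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    conf_is_strong "$src" || {
        echo "cert-digest-algo is not set to a SHA-2 digest in $src" >&2
        return 1
    }
    mkdir -p "$home" && chmod 700 "$home" || return 2
    cp "$src" "$home/gpg.conf" && chmod 600 "$home/gpg.conf" || return 2
}

# Usage on the live system (paths are placeholders):
#   install_conf /media/usb/gpg.conf "$HOME/.gnupg" && gpg --edit-key <keyid>
```

The check runs before anything is written, so a drive carrying an old or edited config leaves the live session without a gpg.conf instead of with a weak one.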



