article about Air Gapped OpenPGP Key

adrelanos adrelanos at
Sat Nov 23 15:53:51 CET 2013

Paul R. Ramer:
> adrelanos <adrelanos at> wrote:
>> When one uses a Live system for its air gapped OpenPGP key, one
>> would have to constantly remember re-creating that gpg.conf.
>> (Gone after reboot.)
> Not necessarily.  You can plug in a USB drive with your custom
> gpg.conf file on it, for example.

> A more elegant solution would be
> to modify your Live CD (or whatever you use) to have a gpg.conf file
> in your gpg home directory.  You can search the web on how to make a
> custom Live CD.

That would work. Well, for the context of that article, asking readers to
create their own custom Live CD seems like overcomplicating an awfully
complicated problem even further.

>>> I'd like to call your attention to the "cert-digest-algo SHA256" line --
>>> this means that your primary key will make stronger signatures on other
>>> keys (e.g. your subkeys and other people's public keys). This is
>>> probably a Good Thing.
>> This is important. Can this be set without using gpg.conf?
> You can run gpg by specifying this as an option on the command line,
> e.g. gpg --cert-digest-algo sha256.  Any command line option that you
> can pass to gpg when you run it can be put into your gpg.conf file.

"gpg --cert-digest-algo sha256" is what the article now uses.

> But if your thinking is, "How can I have this set permanently without
> using gpg.conf?"--you can't.  gpg.conf is the configuration file for
> gpg.
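
Added example, not part of the original message or of the article it discusses: a POSIX shell helper that re-creates the gpg.conf setting discussed above after each boot of a live system, replacing any existing cert-digest-algo line with SHA256 and leaving other options untouched. The function names and the directory passed in are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Run once per live session,
# e.g. against a GnuPG home directory kept on tmpfs or restored from USB.

# ensure_cert_digest DIR [ALGO]
# Make sure DIR/gpg.conf contains exactly one "cert-digest-algo ALGO" line.
ensure_cert_digest() {
    dir=$1
    algo=${2:-SHA256}
    conf="$dir/gpg.conf"
    tmp="$conf.tmp.$$"

    # GnuPG warns about a home directory other users can access.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    [ -f "$conf" ] || : > "$conf"

    # Remove any earlier cert-digest-algo line (possibly a weaker
    # algorithm), keep every other option, then append the wanted one.
    sed -e '/^[[:space:]]*cert-digest-algo[[:space:]]/d' \
        -e '/^[[:space:]]*cert-digest-algo$/d' "$conf" > "$tmp" || return 1
    printf 'cert-digest-algo %s\n' "$algo" >> "$tmp"
    mv "$tmp" "$conf" && chmod 600 "$conf"
}

# cert_digest_of DIR
# Print the certification digest algorithm configured in DIR/gpg.conf.
cert_digest_of() {
    sed -n 's/^[[:space:]]*cert-digest-algo[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*$/\1/p' \
        "$1/gpg.conf" | tail -n 1
}

# Typical use on a freshly booted live system:
#   ensure_cert_digest "${GNUPGHOME:-$HOME/.gnupg}"
```
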


