key generation: paranoia mode - explicit random input

Robert J. Hansen rjh at
Fri Feb 28 04:23:42 CET 2014

> I just got asked: "How do I know that GnuPG in distro XY is not 
> compromised?"

You don't.

At some point you have to choose to trust something.  This is usually
your operating system provider.  If you can't trust your operating
system provider, then you're completely screwed and there's nothing
anyone can do to change this.

The question is not, "has GnuPG in distro XY been compromised?"

The question is, "should I trust distro XY?"

More information about the Gnupg-users mailing list