Working with an Online and Offline Computer when using GnuPG - Best Practice?

Stefan Claas stefan.claas at
Tue Oct 10 13:59:26 CEST 2017

Am 10.10.2017 um 04:51 schrieb Duane Whitty:

> I find this topic quite interesting so if I may comment a little more...
> Firstly, I think it's really easy to get carried away here with
> security measures one probably doesn't really need.  If you do have a
> need for air-gapped computers then you also have a need for a lot of
> other security measures.
> 1) How good are the locks on the doors to your house?
> 2) What about your windows?
> 3) What about fire protection?
> 4) What about data backups?
> 5) Do you have a policy and mechanism in place for how long you keep dat
> a?
> 6) How about backup security, both on-site and off-site?
> 7) What mechanism will you use for media destruction when your policy
> indicates you don't need certain data any longer?
> 8) How are you protecting your public/private keys?
> 9)...
> I could continue to go on but maybe I'm getting carried away here.
> The point I'm trying to make is that if there are lots of attack
> vectors and just focusing on where you encrypt/decrypt messages
> doesn't necessarily make you that much more protected.
> Just my opinion and it's not meant as criticism just as "food for though
> t"
Thanks for your reply and the points you have outlined!

I do find this topic interesting as well, hence why i started it. :-)

My thread model is not as high as of other peoples,  i assume.

I came up with this idea while reading about black/red boxes computers,
which act as online/offline computers. And i recently discovered Neal
Walfield's "An Avanced Introduction to GnuPG". At page 42 of his .pdf
he speaks of offline computers as well.

Even if i'm maybe now on the radar of some folks and i could have no
chance to properly secure my PGP communications in the future,
at least this discussion may help the interested reader how to use
GnuPG in the future, in a more secured way.

Best regards

More information about the Gnupg-users mailing list