[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gnupg-users
Subject:    Re: article about Air Gapped OpenPGP Key
From:       adrelanos <adrelanos () riseup ! net>
Date:       2013-11-23 14:53:51
Message-ID: 5290C17F.3080605 () riseup ! net
[Download RAW message or body]

Paul R. Ramer:
> adrelanos <adrelanos@riseup.net> wrote:
>> When one uses a Live system for its air gapped OpenPGP key, one
>> would have to constantly remember re-creating this that gpg.conf.
>> (Gone after reboot.)
> 
> Not necessarily.  You can plug in a USB drive with your custom
> gpg.conf file on it, for example.

> A more elegant solution would be
> to modify your Live CD (or whatever you use) to have a gpg.conf file
> in your gpg home directory.  You can search the web on how to make a
> custom Live CD.

That would work. Well, for the context of that article asking readers to
create their own custom Live CD seems like over complicating an awfully
complicated problem even further.

>>> I'd like to call your attention to the "cert-digest-algo SHA256"
>>> line
>> --
>>> this means that your primary key will make stronger signatures
>>> on
>> other
>>> keys (e.g. your subkeys and other people's public keys). This is 
>>> probably a Good Thing.
>> 
>> This is important. Can this be set without using gpg.conf?
> 
> You can run gpg by specifying this as an option on the command line,
> e.g. gpg --cert-digest-algo sha256.  Any command line option that you
> can pass to gpg when you run it can be put into your gpg.conf file.

"gpg --cert-digest-algo sha256" is what the article now uses.

> But if your thinking is, "How can I have this set permanently without
> using gpg.conf?"--you can't.  gpg.conf is the configuration file for
> gpg.

Okay.

Cheers,
adrelanos

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
[prev in list] [next in list] [prev in thread] [next in thread]