Hello everyone, I'm new to GPG and unfortunately, the longer I browse the internet and read about the topic, the less I know :(

I would like to hear your opinions on this setup:

1. I have turned my Raspberry Pi into my super secure offline computer. This system will never be connected to the internet, it uses a keyboard which I have bought only for this system, and both the RPi and the keyboard will be locked into my safe. So: no malware, no keyloggers (hardware and software).

2. I will create my GPG keys on this system and store them on a USB drive inside a TrueCrypt container. I will carry that drive with me all the time. I think it's not even necessary to put the keys into a TrueCrypt container since they are encrypted as well, but in case I lose the drive and someone finds it, he would not immediately know what kind of content he is dealing with and would probably just delete the stuff.

3. I would like to have further backups of that drive. Who knows, it might get damaged some day and I don't want to lose my key that way.

My questions are the following:

a) Do you see any flaws in that setup?

b) If I assume that my everyday laptop is infested with spyware and keyloggers (which I don't believe), all my precautions are useless, aren't they? In order to mount the TrueCrypt volume I have to enter the password, and in order to encrypt/decrypt mails, I have to enter the password for my GPG key. A spy would now know my password and maybe even be able to download my key, wouldn't he? Does that mean I can only encrypt/decrypt messages on my offline machine, then copy them onto a thumb drive, then paste them into my mail client??

c) How can I create further backups? Obviously I can just copy the contents of my important USB stick onto more sticks. They will hardly all fail at the same time. Then I could store those sticks at different locations. That sounds quite inconvenient. I would prefer to store the contents of my thumb drive on Dropbox or Google Drive, for example. Would that be a problem? I mean... it's inside a TrueCrypt container with a very strong password. Even if someone cracked that container, he would find my encrypted private key, with an even stronger password. If he were able to brute-force even that password, I think then I am dealing with an enemy with godlike powers anyways.

Any input is greatly appreciated!

Best regards,
Martin

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users