MFPA:
> [0] is a How-To for creating an OpenPGP keypair for use with GnuPG on
> an airgapped system (using Tails) and exporting the subkeys for
> day-to-day use. There is a link [1] to a second guide to export the
> subkeys to an OpenPGP smartcard.

I was also about to suggest Tails, so thanks for doing that for me :)

Daniel Pocock:
> The benefit is that everything on the CD is self-contained, it can't be
> tampered with, it can run without network support in the kernel and the
> workflow would be controlled by a script. All the details, including
> workflow, are described in a wiki[2]

Tails can be instructed in the Tails Greeter to disable all network access [0]. As far as I understand it, Tails unconditionally blacklists the drivers of all network devices [1]. If network access is enabled in the Greeter, the blacklist is deleted [2] and the related services are restarted; if network access is not enabled, the blacklist stays in place.

Yet, Tails might not be what you want because you have a different usage pattern and threat model in mind. For instance, Tails ships non-free software (and isn't happy about that) but needs to balance that with the possibility to run on almost every device a non-technically-savvy user wants it to boot from (which might not be the case for your use case).

[0] https://tails.boum.org/doc/first_steps/startup_options/offline_mode/index.en.html
[1] https://git-tails.immerda.ch/tails/tree/config/chroot_local-hooks/80-block-network?id=744ad738707e2527f694bdbe12463ddbdb76ddf0
[2] https://git-tails.immerda.ch/tails/tree/config/chroot_local-includes/usr/local/lib/tails-unblock-network?id=744ad738707e2527f694bdbe12463ddbdb76ddf0

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users