This is part of a series on GNU Privacy Guard:
- Getting Started with GNU Privacy Guard
- Generating More Secure GPG Keys: Rationale (this post)
- Generating More Secure GPG Keys: A Step-by-Step Guide
- Using an OpenPGP Smartcard with GnuPG
In my last post on getting started with GNU Privacy Guard, I mentioned that I’d like to go into more depth about how to use GnuPG more securely. In this post, I’ll show how I recently set up my new OpenPGP key and smart card.
Risks of Naive GPG
First, let’s talk about some of the risks of using GPG in the naive way I demonstrated in my last post.
Once we start using GnuPG to encrypt and sign our data, one of the largest remaining risks is “endpoint security” — namely that our laptop might be compromised and our secret key exposed to an attacker. We generated our key on the laptop we use for a variety of purposes on a daily basis.