This is part of a series on GNU Privacy Guard:

  1. Getting Started with GNU Privacy Guard
  2. Generating More Secure GPG Keys: Rationale (this post)
  3. Generating More Secure GPG Keys: A Step-by-Step Guide
  4. Using an OpenPGP Smartcard with GnuPG

In my last post on getting started with GNU Privacy Guard, I mentioned that I’d like to go into more depth about how to use GnuPG more securely. In this post, I’ll show how I recently set up my new OpenPGP key and smart card.

Risks of Naive GPG

First, let’s talk about some of the risks of using GPG in the naive way I demonstrated in my last post.

Endpoint Security

Once we start using GnuPG to encrypt and sign our data, one of the largest remaining risks is "endpoint security": namely, that the laptop holding our secret key might be compromised and the key exposed to an attacker. In the last post we generated our key directly on the laptop we use for a variety of purposes on a daily basis, so the secret key material sits on that machine's disk protected only by its passphrase, and any malware with access to our home directory (and a keylogger for the passphrase) gets the key too.
