- 05-29-2012 #1 Just Joined!
- Join Date
- Jan 2011
- Posts
- 7
Using portable drive with GPG
I have a public/private key pair. I have the private key on a hardware AES encrypted USB drive. I can download the encrypted files on any computer, and need to be able to open them using the private key on my USB drive (private_key.asc). How can I do this, without importing the key into gpg (i.e. so it can't be used after I remove my USB key)?
Is there some kind of gpg switch where you select the private key file? Like
gpg --privatekey usb/private_key.asc --output file1.txt --decrypt file1.gpg
Thanks!
- 05-30-2012 #2 Trusted Penguin
- Join Date
- May 2011
- Posts
- 3,746
I don't believe you can do it that way. The concept of a key ring is part of the security. However, you could make a copy of the GPG home dir, and tell gpg to use it with the --homedir option. So you could:
1. create a GPG tmp home directory (use tmpfs for security), e.g.:
mkdir /tmp/gpg_home
2. copy the GPG home dir to this tmp dir
3. import the public key into this private keyring
4. call gpg using the tmp dir as the GPG home dir
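An added example, not part of the original posts: a shell function following the temporary-home procedure in the reply above. It starts from an empty home directory rather than a copy of the existing one and imports the key file from the USB drive; the function name, the `GPG` variable and the use of `/dev/shm` as a tmpfs mount are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): decrypt with a private key file kept on
# removable media, using a throwaway GnuPG home so the host keyring is untouched.
# Assumed names: decrypt_with_portable_key, the GPG variable, /dev/shm as tmpfs.

GPG="${GPG:-gpg}"    # override to use another binary, e.g. GPG=gpg2

# usage: decrypt_with_portable_key usb/private_key.asc file1.gpg file1.txt
# The body runs in a subshell so variables and traps do not leak to the caller.
decrypt_with_portable_key() (
    keyfile=$1 infile=$2 outfile=$3
    [ -r "$keyfile" ] && [ -r "$infile" ] || { echo "missing input" >&2; exit 2; }

    # Step 1: temporary home, RAM-backed where possible so the imported key
    # is never written to the host's disk.
    base=${TMPDIR:-/tmp}
    if [ -d /dev/shm ] && [ -w /dev/shm ]; then base=/dev/shm; fi
    umask 077    # home dir and decrypted output readable by this user only
    home=$(mktemp -d "$base/gpg_home.XXXXXX") || exit 1

    cleanup() {
        # GnuPG 2.1+ starts a gpg-agent per home dir that may cache the
        # passphrase; stop it before deleting the directory.
        if command -v gpgconf >/dev/null 2>&1; then
            GNUPGHOME="$home" gpgconf --kill gpg-agent >/dev/null 2>&1 || true
        fi
        rm -rf -- "$home"
    }
    trap cleanup EXIT              # runs on success and on failure
    trap 'exit 130' INT TERM HUP   # turn signals into a normal exit

    # Steps 3 and 4: import the key file into the temporary keyring, then
    # decrypt with that keyring only. gpg prompts for the passphrase as usual.
    rc=0
    "$GPG" --homedir "$home" --import "$keyfile" &&
        "$GPG" --homedir "$home" --output "$outfile" --decrypt "$infile" || rc=$?
    exit "$rc"
)
```

The decrypted output file remains on the host after the temporary home is removed, so it needs its own handling.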
- 05-30-2012 #3 Just Joined!
- Join Date
- Jan 2011
- Posts
- 7
Ahh, interesting. So could I copy the gpg home directory from my home computer onto the USB drive, then tell it to use the directory on the USB as the home directory?
- 05-30-2012 #4 Trusted Penguin
- Join Date
- May 2011
- Posts
- 3,746
Yes, but having that private key on anything portable is an inherent risk. As long as you understand those risks, and take all possible precautions to prevent compromise (like hardware encryption...)


