I am a new user, experimenting with gpg4win. So far so good, I think, so kudos to all involved.
Is there a way to use a USB file along with a passphrase to unlock a private key? (A simple form of “security token” I guess.) CounterMail offers something like this (https://countermail.com/?p=keyfile) and I would be interested in setting up something similar with gpg4win if possible. Of course, if this is just a bad idea, I hope someone will explain why to me.
P.S. Both KeePass and TrueCrypt also offer this feature.
I am unaware of any way to use a key file with a GPG key. I’m very familiar with the concept, but I’ve never heard of any implementation with public key crypto systems.
However, if you put your keyring on a USB and then encrypt it with TrueCrypt and/or encrypt the password with KeePass…you’ve essentially accomplished the same thing. Granted, it would be easier to do it directly, but as I said, I know of no such implementation.
I think the intention with PGP/GPG was that proper safeguarding of your private key should be a sufficient “extra” layer of security. (In addition to a strong pass phrase.)
Just found out that Yubico, makers of the Yubikey security token, now support OpenPGP. More info here:
According to the Yubico team:
“The first release of the OpenPGP app supports one instance of a GPG identity consisting of 3 subkeys.”