How to move secret keys to USB drive
To further secure your secret key ring, you can move it to a USB drive.
When you do that, you will always be able to encrypt and verify information.
In order to sign or decrypt information however, you'll have to make sure your USB drive is plugged in.
Moving the secret key ring will make it harder for an attacker to get hold of your secret keys even if your computer is compromised.
Follow these steps to move all your secret keys:
- close GPG Keychain, Mail and any other gpg application
- open finder, press Shift Cmd G (⇧⌘G), paste '~/.gnupg' without the ' and click Go
- move the directory 'private-keys-v1.d' to the USB drive
- be sure the directory 'private-keys-v1.d' is on your USB drive and not in '~/.gnupg'.
- open the Terminal and enter the following
ln -s '/Volumes/USBdrive/Path/to/private-keys-v1.d' ~/.gnupg/
(replace /Volumes/USBdrive/Path/to/private-keys-v1.d with the actual path)
To test, if accessing your secret keys form the USB drive works, open Mail and create a new signed mail which you send to yourself.
If the incoming email is properly signed, your setup is working.
GPG Mail FAQ
GPG Keychain FAQ
GPG Services FAQ