There has been some discussion on debian-devel[1] about making a
bootable Debian Live CD specifically for GnuPG
The benefit is that everything on the CD is self-contained, it can't be
tampered with, it can run without network support in the kernel and the
workflow would be controlled by a script. All the details, including
workflow, are described in a wiki[2]
I have some questions about this:
- has anybody already seen anything like this? Nobody likes
re-inventing the wheel
- can we call all the necessary GnuPG commands from a script without the
user interacting directly with GnuPG, using "--batch" / unattanded
operation? The sequence of commands involved would be similar to this
blog[3]
- what would be the preferred way for the GUI to obtain and keep the
master key passphrase without prompting the user to re-enter it for
every operation?
- would anybody else like to suggest improvements to the workflow?