USB devices can't sign. What you do is have a watching-only wallet on an online computer. Use that to create an unsigned transaction. Copy the unsigned transaction to your USB drive. Take that to your offline signing machine which has the private keys. Sign the unsigned transaction from the USB drive and copy the signed transaction to the USB drive. Then go back to the online computer and broadcast the signed transaction.
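The round trip described above, as an added example that is not from the original post or from Armory: the online side holds only a public key and can build and verify, while the offline side holds the private key and signs only after checking the outputs against what the user confirmed on its own screen. It assumes a toy JSON transaction format and P-256 ECDSA in place of Bitcoin's secp256k1 and real serialization; all type and function names are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Toy unsigned-transaction format for the USB file; real Bitcoin/Armory serialization differs.
type UnsignedTx struct {
	Outputs map[string]int64 `json:"outputs"` // destination address -> satoshis
}

// Online side: holds only the public key, so it can build and verify but never sign.
type WatchingOnlyWallet struct{ Pub *ecdsa.PublicKey }

func (w WatchingOnlyWallet) CreateUnsigned(tx UnsignedTx) ([]byte, error) { return json.Marshal(tx) }

// Verify the signature brought back on the USB drive before broadcasting.
func (w WatchingOnlyWallet) VerifyBeforeBroadcast(unsigned, sig []byte) bool {
	h := sha256.Sum256(unsigned)
	return ecdsa.VerifyASN1(w.Pub, h[:], sig)
}

// Offline side: holds the private key and never touches the network.
type OfflineSigner struct{ Priv *ecdsa.PrivateKey }

// Sign only if the outputs match what the user confirmed on the offline screen,
// so a compromised online machine cannot silently swap the destination or amount.
func (o OfflineSigner) Sign(unsigned []byte, confirmed map[string]int64) ([]byte, error) {
	var tx UnsignedTx
	if err := json.Unmarshal(unsigned, &tx); err != nil {
		return nil, err
	}
	for addr, amt := range tx.Outputs {
		if confirmed[addr] != amt {
			return nil, fmt.Errorf("unconfirmed output %s=%d, refusing to sign", addr, amt)
		}
	}
	h := sha256.Sum256(unsigned)
	return ecdsa.SignASN1(rand.Reader, o.Priv, h[:])
}

// NewKeyPair stands in for wallet generation (P-256 here; Bitcoin uses secp256k1).
func NewKeyPair() (OfflineSigner, WatchingOnlyWallet) {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // error only on RNG failure
	return OfflineSigner{k}, WatchingOnlyWallet{&k.PublicKey}
}
```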
I am no expert on malware/viruses/keyloggers, but it would seem to me that this is the only practical risk when using digital media that might expose private keys. I seem to remember reading something on the Armory site saying this was a remote risk, but a risk nevertheless?
Yes, there is a remote risk that a virus is smart enough to hop onto your USB drive, steal your wallet and password when you connect to an offline computer, and send all that data to an attacker once returned to the online computer.
There is a way to mitigate that though. Another project, https://bitcointalk.org/index.php?topic=134833.0, exists where you can actually transfer the necessary data using webcams and QR codes. It encodes the transaction in a QR code and the offline computer uses a webcam to read the QR code from the screen of the online computer to get the unsigned transaction. Then the reverse happens with the signed transaction. I don't think it works with Armory though.
Trezor is a hardware wallet and completely separate from cold storage and air gapping.
I know, but I was wondering: if you had a multisig cold storage with one of those signers on the Trezor device, you would get the benefit of effective multi-device/multi-sig? i.e. someone would need both the cold storage machine and the Trezor device to sign, and the above leakage risk would be mitigated.
Theoretically, I think it is possible. Whether it has been done and how, I don't know.