Currently downloading Gpg4win; just before I continue, what exactly is this going to do? I'm not sure I understand why I've got to do this.
Because I already have passwords for my Electrum wallet, and the wallet names I was assigned seem pretty complex. Is this whole process just going to add another layer of passwords around the software, the file or both?
In this case, there are two reasons to do this.
1) To confirm that you are downloading what you
think you are downloading. In this case, the Electrum developers released the client, and you want to make sure that you are installing the original, unmodified version that you were intended to get. It's good to be in this habit to avoid malicious downloads.
At
http://electrum.org/download.html you can see that they have provided an md5 hash of your download to ensure its integrity, and a .asc -- the files release signature -- so that you can ensure that you are receiving the original, unmodified version from the developers.
2) To be able to encrypt and decrypt files. For example, with Electrum, and others I think, only private keys are encrypted when you set a pass phrase. Encrypting your wallet file(s) adds another layer of protection and opaqueness. You have to understand that no security measure is enough to stop a well-armed attack. It's all about deterrence. A pass phrase that encrypts your private keys only means that in an unencrypted directory, your public keys are saying "I'm a bitcoin wallet. Right here!"
As always -- this may be overkill depending on your potential holdings and how you value them. You don't
need to encrypt your wallet files beyond the encryption of your private keys by setting a pass phrase. Many people don't.
But it
is good to be in the habit of knowing how to recognize a trusted download from an untrusted one.
You can set up cold storage on a USB drive, sure. With QT, for instance, just back up the wallet.dat file on the USB -- preferably, the wallet should be generated initially offline, the wallet should be encrypted before stored, and all files on the drive encrypted.
I actually cannot find a wallet.dat file; I did a full hard drive search. It's not on my USB drive either; all that appears on my USB is the Electrum program; and yet there appears to be Wallet ID's under the received tab.
Wallet.dat referred to the Bitcoin QT client. Sorry, I'm not too familiar with Electrum. Consider checking out the Electrum subforum:
https://bitcointalk.org/index.php?board=98.0
