Alan Reiner of BitcoinArmory (fantastic program btw!) has an 'Offline signing key'
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x4AB16AEA98832223I am inferring that this is a PGP private key on a 'cold storage' computer, with a different passphrase to his main 'hot' computer private key(s), that protects his electronic signature against keyloggers by using an air-gap, just like Armory does for bitcoins. Therefore a sig of a hash of a binary (eg Armory) is very difficult to impersonate with a malware binary.
However, I think that the above can only achieved by having a separate 'cold signing' keypair (but I'm not sure, hence this post). I'm thinking this because:
- Alan's key has only have one subkey within the public key he distributes (FF52507FDE6B2D74). This means I can only validate against one key, which is presumably the same one used for receiving emails etc, ie on his main 'hot' computer...
- Even if his cold-signing subkey was included, when I do gpg --verify filename, it only shows the main keyid, not the subkey, for example "gpg: Signature made Wed 25 Dec 17:06:03 2013 GMT using RSA key ID 98832223". Thus if the hot key's passphrase was compromised, then a hot-signed malware would still be indistinguishable from the cold-signed genuine binary.
I want to have a separate passphrase that I only use for signing on an air-gapped computer. Am I right in my thinking? Or am I missing something?
I'm doing this on OSX using gpg (GnuPG/MacGPG2) 2.0.22 by the way.
