There are various blogs guiding people to use a Debian Live CD for managing PGP master keys.
Has anybody thought of making a dedicated live CD image for this purpose, with some kind of PGP quick setup wizard and attempting to enforce a sane and secure workflow?

One page I came across suggested using the Tails environment, but it is not clear that using Tails is a good idea. The focus of Tails is using the network anonymously, whereas a PGP master key is intended to assert your identity and may facilitate tracking you. Having a different image for this purpose may be a simple way to maintain a distinction between these concepts.

Some specific things that the live image could do:

- verifying there is no network connection, no DHCP daemon, automatically shutting down if a network connection becomes active
- formatting 2 or 3 flash drives in a mirrored configuration (md or Btrfs) to mount at ~/.gnupg
- formatting another flash drive for distributing the public key
- preparing smart cards
- key renewal
- storing and printing a revocation certificate
- asking users for their user ID in a GUI and doing all the necessary GnuPG commands for them
- logging all the GnuPG commands for advanced users to inspect
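
One way to implement the network check from the list above (an added example, not part of the original post). It assumes a Linux live image with sysfs and systemd; the function names and the `SYS_NET` override are hypothetical.

```shell
#!/bin/sh
# Added example: network-isolation watchdog for an offline key-management image.
# SYS_NET can be overridden so the check can be run against a constructed tree.
SYS_NET="${SYS_NET:-/sys/class/net}"

# Print the name of every non-loopback interface that reports link.
active_interfaces() {
    for dev in "$SYS_NET"/*; do
        [ -d "$dev" ] || continue
        name=${dev##*/}
        if [ "$name" = "lo" ]; then
            continue
        fi
        # Reading carrier fails on an administratively down interface,
        # so a read error is treated as "no link".
        state=$(cat "$dev/operstate" 2>/dev/null || echo unknown)
        carrier=$(cat "$dev/carrier" 2>/dev/null || echo 0)
        if [ "$state" = "up" ] || [ "$carrier" = "1" ]; then
            echo "$name"
        fi
    done
}

# Poll every two seconds and power the machine off as soon as any
# interface comes up (assumes systemd and util-linux logger are present).
watch_and_halt() {
    while :; do
        up=$(active_interfaces)
        if [ -n "$up" ]; then
            logger -t airgap-watchdog "link detected on: $up; powering off"
            systemctl poweroff
        fi
        sleep 2
    done
}

# Run the watchdog only when asked to, so the functions can be sourced.
if [ "${1:-}" = "--watch" ]; then
    watch_and_halt
fi
```

Polling leaves a window of up to two seconds in which a link can exist, so this complements rather than replaces shipping the image without network drivers or a DHCP client.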