How would this fine community recommend to make a standardized comment about keys being used in unsecure environments?

Your question sounds like "how can I best mitigate the risks of playing Russian roulette?" The answer is elegantly simple: don't play Russian roulette. There is no way to effectively mitigate the risks once you start playing Russian roulette.

If I were to see a warning like the one you mention, I would read it as, "I cannot be trusted to properly employ even basic communications security. Everything I'm doing is security theater."

Don't expose your unencrypted private certificate to an untrusted environment. It really is that simple. If you don't trust your Android environment, don't ever allow your unencrypted private certificate to be stored on it, even briefly.

_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
