>If you don't own a computer of your own you have no trusted place you can go to generate a PGP key, to set its passphrase securely, to encrypt email before you use the public terminal, to decrypt what you retrieved from the public terminal on your home machine (so your passphrase can't be keylogged or your key cannot be copied), and so forth.
Correct. We should consider it a prerequisite that someone interested in swapping secure communications has at least one computing unit which they can control. This is like asking "but if someone doesn't have fingers, how will they type at a public computer?" Most people have administrative access to at least one machine, at least a phone if not a laptop. The requirements to generate a key are not excessive.
>That's where opening a "throwaway" email address and sending something unencrypted is a viable use case.
Never said this won't ever be a viable use case. There are times when it'd be appropriate to use a one-time mail address from a public terminal and then discard it. It's really up to the individual if encryption is necessary for the content they're seeking to send.
>One would be wrong. If an adversary is keeping a copy of every file that is opened on a USB stick (which would be trivial to add as an "update", "patch", or "option" to, say, an on-demand antivirus scanner) then it's game over.
So first, this is another level of complexity, another barrier, that makes things more difficult, even if it could plausibly be executed. A random Joe who sneaks a hardware keylogger between the board and the machine will not be able to do anything with this. Many amateurs will fail to understand that this kind of thing is needed. It is still much more secure to use a public terminal with the knowledge that this may happen than putting all your eggs in one basket and relying solely on keyboard input ("something you know") for security.
Secondly, if they're copying EVERY file off every USB drive that's plugged in, they may have difficulty distinguishing your key, especially if you take avoidance techniques as mentioned in my first post. Private keys that are used by GnuPG are binary, not plaintext (you can export them as armored keys, but GPG won't use these files directly). You can name the keyfile whatever you want. You can embed your key inside another file and extract it to /tmp with dd. You can put your keyring in a TrueCrypt volume. You can put it in a password-protected rar file. You can encrypt it against a key that is embedded on the stick outside of the filesystem, so that even if the terminal copies the full contents of the filesystem, they still won't be able to use your key. There are all kinds of things one can do to ensure that his key is not just sitting there to be taken, and to be reasonably secure that even if it is taken, it will be difficult to extract in a meaningful manner.
>If they have your key from the previous step then changing your passphrase does absolutely "jack" and "shit"
Yes, I'm aware of this, which is why I prefixed my statement with "[a]s long as the private key is not automatically copied by the terminal..."
>Where are you going to change this passphrase anyway that's on a computer owned/trusted by you if you don't own a computer or don't want to tie that key back to your home machine and identity?
You're not, you must have a machine you trust, as most people trying to leak content will. One could use a virtual machine to manage his identities that he didn't want registered on the host box.
>Then you'll have backdoored copies of GnuPG installed on these machines that will offer you no security.
This is a good point. You should use your own GPG binary hosted on your USB stick instead.