I just meant isolated; I shouldn't have said air-gapped, since that actually means isolated such that there is a complete lack of an attackable path to it from the internet. Virtualization used for isolation of a GPG private key simulates air gaps, but it isn't as secure. Qubes allows for storing GPG private keys and plaintexts in an isolated domain, but it still has a path to it if the hackers can break out of the virtualization. On the other hand, running GPG on a machine without any attack path from the internet to it is a real air gap. The best is probably to have two machines for encryption. Machine 1 has your private key on it and is used for decrypting messages; it can have ciphertexts from the internet brought over to it via one-time-use CDs (so can be infected), but never has any outgoing path to the internet (so cannot phone home). Machine 2 is used for encrypting messages; it can have ciphertexts sent from it via one-time-use CDs (so can phone home), but it cannot have anything brought to it by media that has accessed the internet (so cannot be infected). Your private key will be completely protected. The only way an attacker could compromise your plaintexts is if they hack you via a public GPG key somehow (which you must load to be able to encrypt messages to people), and then configure your system to somehow send out the information they are interested in, perhaps by screwing with your PRNG so they can always determine the session key of your outgoing ciphertexts.
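The data-flow argument in the post above can be checked as a reachability problem. The following is an added example, not part of the original post: the host names (`online_pc`, `decrypt_box`, `encrypt_box`, `net_vm`, `key_vm`) and the edge lists are constructed models of the setups described, with a host's secrets counted as at risk only when it can both receive data that came from the internet and send data back out.

```python
from collections import deque

def reachable(edges, start):
    """Return every node reachable from start over directed (src, dst) edges."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for src, dst in edges:
            if src == node and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen

def exposure(edges, host):
    """Secrets on a host leak only if malware can get in AND data can get out."""
    infectable = host in reachable(edges, "internet")
    can_phone_home = "internet" in reachable(edges, host)
    return {"infectable": infectable,
            "can_phone_home": can_phone_home,
            "secrets_at_risk": infectable and can_phone_home}

# Constructed model of the two-machine design: each tuple is a one-way channel.
TWO_MACHINE = [
    ("internet", "online_pc"), ("online_pc", "internet"),
    ("online_pc", "decrypt_box"),   # one-time-use CD carrying ciphertext in
    ("encrypt_box", "online_pc"),   # one-time-use CD carrying ciphertext out
]

# Same design once public keys obtained online are loaded onto the encrypting
# machine: this is the residual inbound channel the post points out.
WITH_PUBKEY_IMPORT = TWO_MACHINE + [("online_pc", "encrypt_box")]

# Constructed model of VM isolation after a virtualization breakout: the
# key-holding domain gains channels in both directions via the networked domain.
VM_AFTER_ESCAPE = [
    ("internet", "net_vm"), ("net_vm", "internet"),
    ("net_vm", "key_vm"), ("key_vm", "net_vm"),
]

if __name__ == "__main__":
    for name, edges, host in [
        ("two-machine, private key", TWO_MACHINE, "decrypt_box"),
        ("two-machine, plaintexts", TWO_MACHINE, "encrypt_box"),
        ("public key imported, plaintexts", WITH_PUBKEY_IMPORT, "encrypt_box"),
        ("public key imported, private key", WITH_PUBKEY_IMPORT, "decrypt_box"),
        ("VM isolation after escape", VM_AFTER_ESCAPE, "key_vm"),
    ]:
        print(f"{name:34} {exposure(edges, host)}")
```
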