VM's all the way, be that Whonix or an encrypted Debian Linux option. Keep the VM's on encrypted media e.g. Trucrypt containers on a USB or SD card. Also if you have a Debian Linux VM you can have your PGP tucked away in there leaving no other trace on your machine so no annoying keychain pop up listing all your vendors keys when you right click on notepad or something. Also remember to spoof your MAC address, very simple to do via terminal.