Hi Sämi,

> Some weeks ago I found on debian-security [1] the following script:
>
> #!/bin/sh
> gpg keys.gpg > /dev/null
> emacs keys
> rm keys.gpg
> gpg -r "user-ID" -e keys
> rm keys
>
> What do you guys think, is this approach reasonably secure? I like
> the script above because it is rather simple.

Well - the question is of course: What do you understand by "reasonably secure" ;-)

In fact, I see one really weak point in this approach: Whenever you read / write the file, you create an unencrypted copy which is stored on the disk. Later, you only delete it by "rm" - you don't "zero-out" the bytes: The file is no longer accessible by the filesystem, but there is a high probability that it is possible to re-create the deleted file by analyzing the free sectors of your file system (especially, as you create a new unencrypted copy whenever you start this script).

And of course: while you are reading the file, it is stored unencrypted on your disk - you shouldn't use this script on a multi-user machine (or on a machine where automatic backups can happen while you are editing this file - thus the unencrypted copy is included in the backup).

A much safer approach (using vim instead of emacs) is e.g. described in http://www.debian.org/doc/manuals/reference/ch-gnupg.en.html, 14.4.2: In this way, the clear-text version is never stored on the hard-disk, but only kept in memory while you are editing the file. In addition - it is more comfortable: you just have to open the file in vim, and it will be automatically decrypted... I'm sure an analogous approach exists for emacs (if you prefer emacs to vim).

HTH,
Axel
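The in-memory vim approach Axel refers to, written out as an added example for this thread (it is not the snippet from the Debian reference and not Axel's code). It assumes gpg is on the PATH and a default key is configured so that `--default-recipient-self` resolves; the cleartext exists only in vim's buffer, and swap, undo, backup and viminfo files are disabled so vim itself never writes it to disk:

```vim
" Transparent editing of *.gpg files: decrypt into the buffer on read,
" encrypt the buffer on write, never leave cleartext on disk.
augroup encrypted
  autocmd!
  " No viminfo, swap, undo or backup files for these buffers: each of
  " those would otherwise hold (parts of) the cleartext on disk.
  autocmd BufReadPre,FileReadPre *.gpg set viminfo=
  autocmd BufReadPre,FileReadPre *.gpg set noswapfile noundofile nobackup nowritebackup
  " Read the ciphertext as binary so vim does not mangle it.
  autocmd BufReadPre,FileReadPre *.gpg set bin
  autocmd BufReadPre,FileReadPre *.gpg let ch_save = &ch | set ch=2
  " Pipe the just-read ciphertext through gpg; the buffer now holds cleartext.
  autocmd BufReadPost,FileReadPost *.gpg '[,']!gpg --decrypt 2> /dev/null
  " Back to text mode for editing, and run the normal read hooks
  " (syntax etc.) for the file name without the .gpg suffix.
  autocmd BufReadPost,FileReadPost *.gpg set nobin
  autocmd BufReadPost,FileReadPost *.gpg let &ch = ch_save | unlet ch_save
  autocmd BufReadPost,FileReadPost *.gpg execute ":doautocmd BufReadPost " . expand("%:r")
  " Encrypt (ASCII-armored) to our own key just before the buffer is written,
  " so only ciphertext reaches the file.
  autocmd BufWritePre,FileWritePre *.gpg '[,']!gpg --default-recipient-self -ae 2> /dev/null
  " Undo the encryption filter after the write so we keep editing cleartext.
  autocmd BufWritePost,FileWritePost *.gpg u
augroup END
```

Note that this only covers what vim writes; the shell history and any pager or clipboard you use from inside the editor are separate channels.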