Hello! I need a setup where the user running "gpg -e -r foobar" is not able to modify keyring contents. I tried:

# chown -R root:user ~user/.gnupg
# chmod -R u=rwX,g=rX,o= ~user/.gnupg

Unfortunately, this doesn't work because gpg does some write operations in its .gnupg directory:

1. It locks the keyring. --lock-never will avoid this. Is it safe to use --lock-never as long as it is guaranteed that _only_ "gpg -e" is ever run? No key generation, no imports, no signing. Only "gpg -e". Is this safe?

2. There's the random_seed file. It is modified at every run. How can I handle this? I bet it would be a security problem should someone be able to read this file. Would it be possible to put it into a different directory?

3. gpg writes temporary files into ~/.gnupg while encrypting. Any ideas?