Josef Wolf wrote:
> 1. It locks the keyring. --lock-never will avoid this. Is it safe
> to use --lock-never as long as it is guaranteed that _only_ "gpg -e"
> is ever run? No key generation, no imports, no signing. Only
> "gpg -e". Is this safe?

Locking is a concurrency mechanism. As such, as long as you can guarantee that only one process will ever use the keyring, you should be fine regardless of what you do. Concurrent encryptions should be safe as well.

> 2. There's the random_seed file. It is modified at every run.

With good reason. Random number generation is important, and if you keep the same seed values it's possible for the same values to be generated, in which case it's not very random at all.

> Any ideas?

My first idea, and I think the best suggestion, is to look into rearchitecting your solution so that this kind of lockdown isn't necessary. Barring that, I'll defer other suggestions to the core GnuPG developers.