On Wed, May 4, 2011 at 5:44 PM, Jerome Baum <jer...@jeromebaum.com> wrote:
> On Thu, May 5, 2011 at 02:19, Jon Drukman <j...@cluttered.com> wrote:
>
>> putenv('HOME=/tmp/gpg');
>> @mkdir('/tmp/gpg');
>
> At this point, you should be watching carefully. What if another user has
> created this directory to spoof the key?

There are no other users on this box, it has a default-deny firewall, and password logins are disabled. You need to be coming from my office with the correct ssh key.

>> system("/usr/bin/gpg --batch --yes --import /sites/config/public_key.asc");
>> system("/usr/bin/gpg --batch --yes --no-ask-cert-level --trust-model always --output $filename.gpg --encrypt --recipient $recipient $filename > /tmp/gpg.log 2>&1");
>
> Again, what if the keyring is already in place? Could even be yourself --
> you create the keyring once, import the public key at the time, then later
> update the public key and import again -- now, which key to use?

In my testing it seems like if you import the same key over and over again, nothing bad happens. gpg just ignores it:

% gpg --import /sites/config/public_key.asc
gpg: key 43B4963D: "[redacted]" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

% gpg --import /sites/config/public_key.asc
gpg: key 43B4963D: "[redacted]" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

% gpg --list-keys
/Users/jsd/.gnupg/pubring.gpg
-----------------------------
pub   1024D/43B4963D 2002-04-10
uid                  [redacted]
sub   1024g/861E4AE2 2002-04-10

Thanks for double checking my work! Always good to get an extra pair of eyes on things.

-jsd-
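
Added example, not part of the original message or of GnuPG: one way to address the two concerns raised in the thread (a /tmp/gpg that already exists, and an ambiguous recipient after a re-import) is to use a fresh private home directory per run and to name the recipient by full fingerprint. The function names, the gpghome.XXXXXX template and the fingerprint argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: function names and the gpghome.XXXXXX template are assumptions.

# Succeeds only if $1 is a real directory (not a symlink), owned by the
# current user, with mode exactly 0700. find does not follow symlinks
# by default, so a symlink planted at the path is rejected.
is_private_dir() {
    [ -n "$(find "$1" -maxdepth 0 -type d -user "$(id -u)" -perm 0700 2>/dev/null)" ]
}

# Creates a new directory with an unpredictable name and mode 0700.
# mktemp fails instead of reusing a path that already exists.
new_gnupg_home() {
    mktemp -d "${TMPDIR:-/tmp}/gpghome.XXXXXX"
}

# encrypt_pinned HOME KEYFILE FINGERPRINT INFILE
# Imports KEYFILE into HOME, then encrypts INFILE to the key whose full
# fingerprint is FINGERPRINT (obtained out of band), writing INFILE.gpg.
encrypt_pinned() {
    is_private_dir "$1" || { echo "refusing unsafe home: $1" >&2; return 1; }
    gpg --homedir "$1" --batch --yes --import "$2" || return 1
    # A full fingerprint names one specific key; gpg fails if it is absent,
    # so a stale or substituted key in the keyring cannot be picked silently.
    gpg --homedir "$1" --batch --yes --trust-model always \
        --output "$4.gpg" --encrypt --recipient "$3" "$4"
}

# Demo of the directory checks only (no gpg needed for this part).
demo_home=$(new_gnupg_home)
is_private_dir "$demo_home" && echo "fresh home accepted: $demo_home"
is_private_dir /tmp || echo "/tmp rejected: not a private directory"
rm -rf "$demo_home"
```

Remove the home directory after each run so that no keyring from an earlier import is ever reused.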