Josef Wolf wrote:
>I need a setup where the user running "gpg -e -r foobar" is not able to
>modify keyring contents. I tried:
>
> # chown -R root:user ~user/.gnupg
> # chmod -R o=rwX,g=rX,o= ~user/.gnupg
You'd better use chattr -i on it.
>to use --lock-never as long as it is guarantee
On Wednesday 13 September 2006 12:55 pm, Josef Wolf wrote:
> On Tue, Sep 12, 2006 at 02:10:57PM -0500, Robert J. Hansen wrote:
> > I apologize if this email seems snarky.
>
> Robert, please get a beer and calm down.
>
> > However, I'm getting tired of repeating the same answers over and over
> > ag
On Tue, Sep 12, 2006 at 02:10:57PM -0500, Robert J. Hansen wrote:
> I apologize if this email seems snarky.
Robert, please get a beer and calm down.
> However, I'm getting tired of repeating the same answers over and over
> again.
If you find yourself repeating the same answers, chances are tha
On Tue, Sep 12, 2006 at 03:05:08PM -0400, David Shaw wrote:
> On Tue, Sep 12, 2006 at 08:42:39PM +0200, Josef Wolf wrote:
>
> > AFAIK, having random_seed be accessible to unauthorized people is
> > not acceptable. Thus I have no choice, I just _have_ to use the
> > --no-random-seed-file option.
On Tue, Sep 12, 2006 at 08:42:39PM +0200, Josef Wolf wrote:
> AFAIK, having random_seed be accessible to unauthorized people is
> not acceptable. Thus I have no choice, I just _have_ to use the
> --no-random-seed-file option. Unfortunately, the man page doesn't
> explain where the random data come
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I apologize if this email seems snarky. However, I'm getting tired of
repeating the same answers over and over again.
Josef Wolf wrote:
>>> Don't most unices have /dev/random nowadays? I never planned to
>>> run this thing on a windows box :)
>>
On Mon, Sep 11, 2006 at 05:28:25PM -0500, Robert J. Hansen wrote:
> Josef Wolf wrote:
> > Don't most unices have /dev/random nowadays? I never planned to run
> > this thing on a windows box :)
> GnuPG has been ported to many platforms. BeOS, OpenVMS, Win32, and many
> more that have no /dev/rand
Josef Wolf wrote:
> Don't most unices have /dev/random nowadays? I never planned to run
> this thing on a windows box :)
GnuPG has been ported to many platforms. BeOS, OpenVMS, Win32, and many
more that have no /dev/random.
> Hmm, the only drawback I see is a slowdown. The application will
> j
On Mon, Sep 11, 2006 at 03:27:59PM -0500, Robert J. Hansen wrote:
> Josef Wolf wrote:
> 1. /dev/random isn't available on all platforms. GnuPG's random number
> generator is.
Don't most unices have /dev/random nowadays? I never planned to run this
thing on a windows box :)
> 2. /dev/rand
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Josef Wolf wrote:
> I wondered why /dev/random is not used.
A few reasons, any one of which would be sufficient.
1. /dev/random isn't available on all platforms. GnuPG's random number
generator is.
2. /dev/random is exhaustible. This is a Bad
Thanks for your response, Robert!
On Sun, Sep 10, 2006 at 05:36:33PM -0500, Robert J. Hansen wrote:
> Josef Wolf wrote:
> > 1. It locks the keyring. --lock-never will avoid this. Is it safe
> > to use --lock-never as long as it is guaranteed that _only_ "gpg -e"
> > is ever run? No ke
On Mon, 11 Sep 2006 00:16, Josef Wolf said:
> 1. It locks the keyring. --lock-never will avoid this. Is it safe
> to use --lock-never as long as it is guaranteed that _only_ "gpg -e"
If the keyrings are read-only, there is no need for locking. Thus
--lock-never is safe.
> 2. There's the
Josef Wolf wrote:
> Hello!
>
> I need a setup where the user running "gpg -e -r foobar" is not able to
> modify keyring contents. I tried:
>
> # chown -R root:user ~user/.gnupg
> # chmod -R o=rwX,g=rX,o= ~user/.gnupg
>
> Unfortunately, this doesn't work because gpg does some write operati
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Josef Wolf wrote:
> 1. It locks the keyring. --lock-never will avoid this. Is it safe
> to use --lock-never as long as it is guaranteed that _only_ "gpg -e"
> is ever run? No key generation, no imports, no signing. Only
> "gpg -e".
Hello!
I need a setup where the user running "gpg -e -r foobar" is not able to
modify keyring contents. I tried:
# chown -R root:user ~user/.gnupg
# chmod -R o=rwX,g=rX,o= ~user/.gnupg
Unfortunately, this doesn't work because gpg does some write operations
in its .gnupg directory:
1. It
Hello!
I need a setup where the user running "gpg -e -r foobar" is not able to
modify keyring contents. I tried:
# chown -R root:user ~user/.gnupg
# chmod -R o=rwX,g=rX,o= ~user/.gnupg
Unfortunately, this doesn't work because gpg does some write operations
in its .gnupg directory:
1. It
16 matches