Storing keys under a different user...
thomas at northernsecurity.net
Thu Feb 12 12:11:13 CET 2004
On Thu, Feb 12, 2004 at 08:41:45AM +0100, Peter Valdemar Mørch wrote:
> I don't think I understand your objection: Only the specially
> privileged chmod +s /usr/bin/gpg (or whatever) would be able to access
> nick's keys. None of the standard cat, copy, scp etc. would be able to
> access them. Things *have* changed.
Yes, but ...
> On a similar point: W/Should the user nick then be able to execute:
> gpg --edit
> gpg [-a] --export
> or especially:
> gpg [-a] --export-secret-keys
These options have to be available for the user and ...
> And editing the ~nick_key/.gnupg/gpg.conf should still be possible
> (only) for nick, right? Some way to do that also needs to be present.
This will also cause some problems.
If we skip the what-if-a-trojan talk and add a password for the --edit
and --export options, that will leave us with the gpg.conf problem.
One solution could be a visudo type of thing.
== thomas at northernsecurity.net | thomas at se.linux.org
== Encrypted e-mails preferred | GPG KeyID: 114AA85C