gpgme: Pre-loading keyrings?

Jann Fischer rezine at
Sun May 18 22:23:01 CEST 2003

Hello list,

is it, or could it by any means be, possible to "pre load" a keyring to
use with gpgme? The reason for this question is, to have an application
run in a minimalistic chroot(2) environment without exposing the keyring
in case an attacker could gain access through the application. I thought
on something like:

/* running privileged, bad idea yadda yadda */
GpgmeKeyring keyring;
/* Loads from default location, $HOME/.gnupg */
keyring = gpgme_load_keyring();
chroot("/var/somewhere"); chdir("/");
setgid(32768); setuid(32768);
/* [...] */
  Tell the gpgme context to use the preloaded keyring object instead
  of looking for it in $HOME/.gnupg 
gpgme_set_keyring(ctx, keyring);

I'm quite sure it's not possible already, yet I think it would be a
pretty nice feature to have. So, does the current overall design in
GnuPG / libgpgme prevent this feature at all, or would it (by hacking
something up) be possible to implement this functionality?

Just a thought and something I could need for an application I write.

Be careful who you follow.
0x6D839821 | FA8C 3663 9906 D8C3 AC16  F7C4 66E0 F351 6D83 9821
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20030518/29b3f79c/attachment.bin

More information about the Gnupg-devel mailing list