Is a .gnupg directory /w write access mandatory?
David Shaw
dshaw at jabberwocky.com
Sun May 2 02:58:04 CEST 2004
On Sat, May 01, 2004 at 01:21:30PM -0400, David Shaw wrote:
> On Sat, May 01, 2004 at 05:16:12PM +0200, Joe Schulz wrote:
> >
> > Hello all,
> >
> > I am trying to use gnupg in a boot script for a high-security boot
> > process. It only has to decrypt an ascii-armored symmetric ciphertext
> > but at the moment it fails miserably because gnupg seems to ultimately
> > demand write access to some .gnupg directory even if it is not needed
> > for the task at all!
> > At that point in the boot process there is no writable file system
> > whatsoever because we still need to decrypt those keys for the file
> > systems to mount! Talk about tail biting...
> > I'd rather not mount a RAM-disk just for the purpose of getting around
> > this, so is there some - maybe undocumented - way to make gnupg just
> > decrypt my file and skip the ".gnupg" issue?
>
> It is documented. The problem is that GnuPG is trying to save the
> random number seed file. If you don't want this to happen, use
> --no-random-seed-file.

Oops. You'll need both --no-random-seed-file and --lock-never in this
case.

David
More information about the Gnupg-devel
mailing list