Is a .gnupg directory /w write access mandatory?

David Shaw dshaw at
Sun May 2 02:58:04 CEST 2004

On Sat, May 01, 2004 at 01:21:30PM -0400, David Shaw wrote:
> On Sat, May 01, 2004 at 05:16:12PM +0200, Joe Schulz wrote:
> > 
> > Hello all,
> > 
> > I am trying to use gnupg in a boot script for a high-security boot 
> > process. It only has to decrypt an ascii-armored symmetric ciphertext 
> > but at the moment it fails miserably because gnupg seems to ultimately 
> > demand write access to some .gnupg directory even if it is not needed 
> > for the task at all!
> > At that point in the boot process there is no writable file system 
> > whatsoever because we still need to decrypt those keys for the file 
> > systems to mount! Talk about tail biting...
> > I'd rather not mount a RAM-disk just for the purpose of getting around 
> > this, so is there some - maybe undocumented - way to make gnupg just 
> > decrypt my file and skip the ".gnupg" issue?
> It is documented.  The problem is that GnuPG is trying to save the
> random number seed file.  If you don't want this to happen, use
> --no-random-seed-file.

Oops.  You'll need both --no-random-seed-file and --lock-never in this

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 330 bytes
Desc: not available
Url : /pipermail/attachments/20040501/49c0a453/attachment.bin

More information about the Gnupg-devel mailing list