Setting up gpg on an IRIX web server

Johan Wevers
Thu, 3 Feb 2000 23:12:08 +0100 (MET)

Greg McKean wrote:

> I run the command "pgpfiles/gpg.bin" I always recieve the error:
> gpg: Warning: using insecure memory!
Add the following command-line option: --no-secmem-warning Suppress the warning about "using insecure memory". Or make gpg suid root (chmod 4755 gpg). Secure memory is memory that can't be swapped to disk. But on operating systems that support this feature you need root priviliges to get such memory, ordinary users can't. Setting a program suid root allows the program to run with root privs although it is started by another user - a potential security rusk so you should enable this by hand. Without root access to the machine you can't without hacking the machine.
> gpg: ~/.gnupg: can't create directory: No such file or directory
The tilde (~) stands for the users home directory in gpg. I assume (but I can be mistaken here) that in this case it is the homedirectory of the user that owns the webserver, or the user the webserver starts its scripts as (that can be different due to security reasons). However, you can override this directory: from the man page: ENVIRONMENT HOME Used to locate the default home directory. GNUPGHOME If set directory used instead of "~/.gnupg". --homedir directory Set the name of the home directory to directory If this option is not used it defaults to "~/.gnupg". It does not make sense to use this in a options file. This also overrides the envi- ronment variable "GNUPGHOME". I'll mail you the man page.
> I created a directory called .gnupg off of the directory that contains gpg
> (pgpfiles) but still recieve the above message. I'm not a UNIX person but I
> figured that is where ~/.gnupg refers to. Where is it actually looking? I
> also created the same dir off of my document root in case that is where it
> was looking but recieved the same results. I can't actually create anything
> off of the real root because I am on a virtual web server account.
Did you get that working? I tried, and although it works fine in my local network, I can't get it to work on a server connected to the internet. :-(
> In the beginning of this fiasco I found a PGP v.2.6.2 IRIX binary and it
> took me a couple of days to get it working on the server. I was able to
> create the randseed.bin and keychains on a DOS box that also worked on the
> IRIX server. Can I use those for gpg also or do I need to create new ones?
Randseed.bin is re-created by gpg (I don't know if Irix has a decent random device but I assume it has because gpg would have complained otherwise). The keyfiles can be imported only if you load the RSA and IDEA modules.
> Is there a way to do this without the telnet or actual IRIX box access?
I don't know.
> I stopped developement of the PGP related scripts after talking with a
> Network Associates rep who told me that MINIMUM pgp would cost $4500 (two
> year subscription) to use on a commercial website. STEEEP.
You could in that case also use pgp 2.6.3i - no licenses required. -- ir. J.C.A. Wevers // Physics and science fiction site: // PGP public keys at