patching GnuPG to shuddup was: Re: Signatures and GnuPG and PGP 6.8.X

Larry Rosenman ler@lerctr.org
Mon, 23 Oct 2000 14:32:42 -0500



>From the doc/FAQ file:
6. PROBLEMS and ERROR MESSAGES 6.1) Why do I get "gpg: Warning: using insecure memory!" On many systems this program should be installed as setuid(root). This is necessary to lock memory pages. Locking memory pages prevents the operating system from writing memory pages to disk and thereby keeping your secret keys really secret. If you get no warning message about insecure memory your operating system supports locking without being root. The program drops root privileges as soon as locked memory is allocated. If you can't or don't want to install GnuPG setuid(root), you can use the option "--no-secmem-warning" or put no-secmem-warning in your ~/.gnupg/options file. -----Original Message----- From: Armin Hartinger [mailto:armin@pctechware.com] Sent: Monday, October 23, 2000 2:27 PM To: Larry Rosenman Cc: Caleb Land; gnupg-users@gnupg.org Subject: Re: patching GnuPG to shuddup was: Re: Signatures and GnuPG and PGP 6.8.X The platform is actually FreeBSD. It's my webhost on which I just have a little useraccount. and ... I don't really follow what you are trying to say below. Would going in into the C-source and just commenting out the offending message out - work? Just wondering... -Armin Larry Rosenman wrote:
> On what platform? On Linux, I believe, the gpg binary needs to be
> setuid root. On UnixWare, add filepriv -f plock /path/to/gpg
>
> Larry
>
> * Armin Hartinger <armin@pctechware.com> [001023 13:58]:
> > How to patch gnupg to not complain? It messes up php-scripts of mine
this way. (complaining
> > about insecure memory)
> > -Armin
> >
> > Caleb Land wrote:
> >
> > > Hello,
> > > I'm using GnuPG 1.0.4 (patched to not complain about
> > > deprecated algorithms), and a friend of mine is using the newest
> > > freeware PGP program (6.8.something). When I encrypt a file and sign
> > > it and send it to him, he can decrypt it, but his program reads that
> > > it is a bad signature.
> > > Now, I tried both attaching the file\ and using mutt to
> > > encrypt and sign it, and I tried doing:
> > >
> > > ---output---
> > >
> > > [caleb@deepthought caleb]$ gpg --armor --sign --recipient "Brian R.
Boyce" --encrypt test.c
> > > gpg: Warning: using insecure memory!
> > >
> > > You need a passphrase to unlock the secret key for
> > > user: "Caleb Land (RedHatDude) <bokonon@rochester.rr.com>"
> > > 1024-bit DSA key, ID 29402314, created 2000-10-18
> > >
> > > ---/output---
> > >
> > > He can decrypt the file fine, but it reads that my signature
> > > is bad. I moved my private/public keypair to a windows box with the
> > > newest version of freeware PGP, and sent him a file which I encrypted
> > > and signed, and all went well. It both decrypted and the signature
> > > checked out okay.
> > > I hope that this is enough information. Unfortunately, I am
> > > fairly new to this stuff, so I don't understand it too well.
> > >
> > > One more thing: I get a message which I don't understand when
> > > I try to decrypt files sent by him to me:
> > >
> > > ---output---
> > >
> > > [caleb@deepthought caleb]$ gpg --decrypt DTF-802.pdf.asc > DTF-802.pdf
> > > gpg: Warning: using insecure memory!
> > >
> > > You need a passphrase to unlock the secret key for
> > > user: "Caleb Land (RedHatDude) <bokonon@rochester.rr.com>"
> > > 1024-bit ELG-E key, ID 0E85FED7, created 2000-10-18 (main key ID
> > > 29402314)
> > >
> > > gpg: encrypted with 3072-bit ELG-E key, ID AA4D2A27, created
> > > 2000-10-16
> > > "Brian R. Boyce <Veritas@rochester.rr.com>"
> > > gpg: no secret key for decryption available
> > > gpg: Signature made Mon Oct 23 12:09:06 2000 EDT using DSA key ID
> > > 752A64A7
> > > gpg: Good signature from "Brian R. Boyce <Veritas@rochester.rr.com>"
> > >
> > > ---/output---
> > >
> > > What does "gpg: no secret key for decryption available" mean?
> > > The file decrypts fine, but I have no idea what the error (warning or
> > > neither?) message means.
> > >
> > > --
> > > Sincerely,
> > > Caleb Land
> > > (bokonon@rochester.rr.com)
> > >
> > > --
> > > Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
> > > with a subject of "unsubscribe" to gnupg-users-request@gnupg.org
> >
> > --
> > Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
> > with a subject of "unsubscribe" to gnupg-users-request@gnupg.org
>
> --
> Larry Rosenman http://www.lerctr.org/~ler
> Phone: +1 972-414-9812 (voice) Internet: ler@lerctr.org
> US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
-- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org