gpgsafe - wrapper for gpg to protect against secret key atta

Lionel Elie Mamane
Wed Jul 4 08:43:01 2001

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Jul 03, 2001 at 07:05:32PM -0600, Kurt Fitzner wrote:

> > Hmm... If one person is able to edit your keyring, why won't she
> > be able to trojan the GnuPG binary, the gpgsafe wrapper, or simply
> > run "updategpgsafe", too?

> No. The 'updategpgsafe' script uses gpg to sign. This requires you
> to enter the passphrase for the secret key.
Yep, I overlooked that... The gpgsafe wrapper had better be writable only by root, so it can't be trojaned... --=20 Lionel Elie Mamane RFC 1991 (PGP 2.x) 2048 bits Key Fingerprint (KeyID: 20C897E9): 85CF 986F 263E 8CD0 80FD 4B8C F5F9 C17D OpenPGP DH/DSS 4096/1024 Key Fingerprint (KeyID: 3E7B4B73): 9DAD 3131 3ADA F50B D096 002A B1C4 7317 3E7B 4B73 --gKMricLos+KVdGMg Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see iD8DBQE7QrtGscRzFz57S3MRAoB2AJ9sImS8MSSuc2l5wH1ZmUkSVNxaNgCgwbVf Juw1ujf3XQ6sQbwewUl9Y3A= =CXyA -----END PGP SIGNATURE----- --gKMricLos+KVdGMg--