Please: someone help fix this! guru wanted!

Trevor Cordes tcordes@home.com
Tue May 8 06:13:01 2001


This is the third time I'm asking this... thanks to the people who
tried helping.  It seems that gpg STILL requires write perms on trustdb.

I need my CGI to encrypt some data with my public key.  I 
don't want the CGI (user apache, group apache) to require
write permissions on ANY file in order to do the encryption,
as I don't want any old CGI process to corrupt my files.

I was using pgp2.6.3 and that always required randseed.bin
to be writable.

I switched to gpg1.0.4 thinking that --no-random-seed-file
would do the trick.  But after experimenting it seems that
instead trustdb.gpg needs to be writable no matter what!

That's simply trading between two evils!

Is there a way I can invoke gpg so that it will work with
NO write perms on ANY files or directories?

Here's what my command line looks like now:

gpg -ea -z9 -r'Web Site Name' --always-trust --lock-never --batch 
 --no-random-seed-file 

Thanks!



> Try the following:
> gpg -ea -z9 -r'Web Site Name' --always-trust --lock-never --batch
> --no-random-seed-file --trusted-key=Web_Site_Name_s_long_ID
>
> where Web_Site_Name_s_long_ID is the 5th field of the last row produced by
> gpg --list-keys --with-colons 'Web Site Name'

I thought about that option, but I didn't know how to get the "long ID".
Thanks!  But I tried it now and it STILL tries to write to trustdb :-(

Here's my command line:

% su - nobody
% gpg -ea -z9 -r'WebSiteName' --always-trust --lock-never --batch --no-random-seed-file --trusted-key=705D5C462FC49FE7
gpg: Warning: using insecure memory!
gpg: fatal: /work/who/web/.gpg/trustdb.gpg: can't open: Permission denied
% ls -al /work/who/web/.gpg
total 28
drwxr-xr-x   2 trevor trevor 4096 Mar 28 14:51 .
drwxrwxrwx  15 trevor trevor 8192 Mar 27 23:01 ..
-rw-r--r--   1 trevor trevor  869 Mar 27 13:37 pubring.gpg
-rw-r--r--   1 trevor trevor    0 Mar 27 13:35 pubring.gpg~
-rw-r--r--   1 trevor trevor  600 Mar 27 13:37 random_seed
-rw-r--r--   1 trevor trevor 1091 Mar 27 13:37 secring.gpg
-rw-r--r--   1 trevor trevor 2560 Mar 27 14:06 trustdb.gpg

Obviously everything works peachy if I execute this as trevor.  But my
web server will eventually run this as apache:apache, so it has to work
for other (non)users.

Please help!