verifying a file

eel_c
Fri Nov 23 02:53:01 2001


You=20may=20set=20"HomeDir"=20to=20"C:\WINNT\Profiles\username\Application=20=
Data\GnuPG"=20or=20somewhere=20that=20it's=20only=20be=20accessed=20by=20spe=
cific=20user,=20like=20Administrator.

And,=20you=20need=20set=20"gpgProgram"=20to=20"C:\gnupg"=20or=20the=20direct=
ory=20of=20your=20GPG=20program=20installed.

-----Original=20Message-----
From:=20Kent=20Tong=20[mailto:kent@cpttm.org.mo]
Sent:=20Friday,=20November=2023,=202001=209:04=20AM
To:=20gnupg-users@gnupg.org
Subject:=20Re:=20verifying=20a=20file


>=20On=20Thu,=2022=20Nov=202001=2018:45:25=20+0800,=20Kent=20Tong=20said:
>=20
>=20>=20I=20notice=20that=20when=20I=20verify=20a=20detached=20signature,=20=
gpg=20will=20not
>=20>=20check=20the=20integrity=20of=20my=20public=20keyrings=20(because=20i=
t=20doesn't
>=20>=20ask=20for=20my=20passphrase).=20My=20question=20is,=20what=20if=20so=
meone=20puts=20some=20
>=20
>=20This=20is=20pointless.=20=20If=20someone=20is=20able=20to=20modify=20you=
r=20keyring=20he=20can
>=20do=20all=20kind=20of=20stuff=20-=20including=20sniffing=20your=20passphr=
ase=20and
>=20trojaning=20your=20binaries.=20

It=20means=20that=20root=20can=20do=20anything=20he=20wants?=20On=20Windows,=
=20it=20is=20even
more=20dangerous=20as=20by=20default=20the=20keyrings=20are=20stored=20in=20=
c:\gnupg
where=20everyone=20can=20access?=20About=20trojaning=20the=20binaries,=20how=
=20to
best=20alleviate=20the=20problem?


----=3D=3D=20Mailed=20via=20Openfind=20=3D=3D-----
http://mail2000.com.tw/=20=B4=A3=A8=D1=A7K=B6O=B9q=A4l=B6l=A5=F3=ABH=BDc