A Key-gen-config file that autodeletes?

Werner Koch wk@gnupg.org
Tue Sep 11 12:58:01 2001


On Tue, 11 Sep 2001 01:58:13 -0700 (PDT), Len Sassaman said:


> Ah. Here's a reason to have a wipe function in GnuPG, similar to "pgp -w".
> Simply rm'ing a file that has the passphrase in it might not be enough for
> some people.

So replace rm(1) by shred(1). However, Colin Plumb says about shred (shred --help):
| CAUTION: Note that shred relies on a very important assumption:
| that the filesystem overwrites data in place. This is the traditional
| way to do things, but many modern filesystem designs do not satisfy this
| assumption. The following are examples of filesystems on which shred is
| not effective:
|
| * log-structured or journaled filesystems, such as those supplied with
| AIX and Solaris (and JFS, ReiserFS, XFS, etc.)
|
| * filesystems that write redundant data and carry on even if some writes
| fail, such as RAID-based filesystems
|
| * filesystems that make snapshots, such as Network Appliance's NFS server
|
| * filesystems that cache in temporary locations, such as NFS
| version 3 clients
|
| * compressed filesystems

The wiping should be a feature of the filesystem.

--
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus
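The following is an added illustration, not part of the original message and not code from GnuPG or shred. It models the assumption quoted from the shred help text with a toy block device and two hypothetical filesystem classes (`InPlaceFS`, `LogStructuredFS`), then checks whether a constructed passphrase line is still readable on the raw device after a shred-style overwrite.

```python
BLOCK = 16  # bytes per block on the toy device (assumption for the model)

class ToyDisk:
    """Raw device: a flat list of fixed-size blocks."""
    def __init__(self, nblocks):
        self.blocks = [bytes(BLOCK)] * nblocks

    def raw(self):
        return b"".join(self.blocks)

class InPlaceFS:
    """Traditional layout: rewriting a file reuses the blocks it already owns."""
    def __init__(self, disk):
        self.disk, self.files, self.next_free = disk, {}, 0

    def _alloc(self, n):
        start = self.next_free
        self.next_free += n
        return list(range(start, start + n))

    def write(self, name, data):
        chunks = [data[i:i + BLOCK].ljust(BLOCK, b"\0")
                  for i in range(0, len(data), BLOCK)]
        blocks = self.files.get(name)
        if blocks is None or len(blocks) != len(chunks):
            blocks = self._alloc(len(chunks))
        self.files[name] = blocks
        for idx, chunk in zip(blocks, chunks):
            self.disk.blocks[idx] = chunk

class LogStructuredFS(InPlaceFS):
    """Log-structured layout: every write lands in fresh blocks."""
    def write(self, name, data):
        self.files.pop(name, None)  # old blocks are unlinked, not erased
        super().write(name, data)

def shred_like(fs, name, size):
    """Overwrite the file through the filesystem API with fixed patterns."""
    for pattern in (b"\xff", b"\x00", b"\xaa"):
        fs.write(name, pattern * size)

def secret_survives(fs_cls, secret):
    """Write the secret, overwrite it, then scan the raw device for it."""
    disk = ToyDisk(64)
    fs = fs_cls(disk)
    fs.write("keygen.conf", secret)
    shred_like(fs, "keygen.conf", len(secret))
    return secret in disk.raw()

SAMPLE = b"Passphrase: correct horse battery"  # constructed sample, not real
```

In this model the overwrite passes only reach the original blocks when the filesystem rewrites in place; on the log-structured variant the first copy of the passphrase stays on the device untouched.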