A Key-gen-config file that autodeletes?

Frank Tobin ftobin@neverending.org
Tue Sep 11 13:03:02 2001


Len Sassaman, at 01:58 -0700 on Tue, 11 Sep 2001, wrote:

   Ah. Here's a reason to have a wipe function in GnuPG, similar to
   "pgp -w". Simply rm'ing a file that has the passphrase in it might
   not be enough for some people.

While this has been pointed out before (and I'm not picking on you, Len),
I don't think it would be a good idea of GnuPG to try to emulate
everything that PGP does.  What's next, PGPnet in GnuPG? :)

The idea of having a wipe command might intrigue some people, there are
many things out of the user's control that could totally eliminate the
possiblity of a wipe doing what you want.  For example, the filesystem has
to guarantee that you are writing over the same data, and not just writing
it out someplace else, and forgetting the old stuff.

So, the concept of a wipe is very system-specific, and should stay out of
GnuPG's realm.  There are several wipe programs out there, feel free to
choose one of many.  You aren't guaranteed any of them will work for you.

I should note that on FreeBSD there is "rm -P" which has wipe-ish
behaviour.  I expect you are sort of guaranteed that it works like you'd
expect due to the "whole system deal" you get with FreeBSD.

-- 
Frank Tobin		http://www.neverending.org/~ftobin/