Storing keys under a different user...
Thomas Sjögren
thomas at northernsecurity.net
Thu Feb 12 12:11:13 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, Feb 12, 2004 at 08:41:45AM +0100, Peter Valdemar Mørch wrote:
> I don't think I understand your objection: Only the specially
> priviledged chmod +s /usr/bin/gpg (or whatever) would be able to access
> nick's keys. None of the standard cat, copy, scp etc. would be able to
> access them. Things *have* changed.
Yes, but ...
> On a similar point: W/Should the user nick then be able to execute:
> gpg --edit
> gpg [-a] --export
> or especially:
> gpg [-a] --export-secret-keys
> ?
these options has to be available for the user and ...
> And editing the ~nick_key/.gnupg/gpg.conf should still be possible
> (only) for nick, right? Some way to do that also needs to be present.
this will also cause some problems.
If we skip the what-if-a-trojan talk and add a password for the --edit
and --export options that will leave us with the gpg.conf problem.
One solution could be a visudo type of thing.
/Thomas
- --
== thomas at northernsecurity.net | thomas at se.linux.org
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
- --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iQEVAwUBQCtfUdXAsD67qPj1AQJAUwf/deJSmUijCyW3oGcKpK4OogkVYuReso/D
8OcPx5843Flu68F1FOrBJX18l3hiPmqrGjNVUf0JQZ8tds2LO7M/gqmM2a6/BBxS
YtEKdUCHzXmnGFRMt1A9UXWHZjOpIFTEY+DWSouIlVFeJ9QSMuX+gwaan8B5+gQm
xOrpBipV4J3q06ZGSx8tgxiuCvCt0LISWO3zPI20UHbuP927x4k3KYtjc6HE/NWr
RMVAzu3N9KNTVh2EfJFqeQGNhz6wY3w9/rys3L30OWk2lg234qx/FMV3UscAIA33
tOlybKOooODFB5Xr+QMCUyy9wXb86qcSEd87zfOeliJ2WKh4T35qxA==
=STlq
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list