gpg --list-sigs (root for other users)

Mark Kirchner mail at
Tue Mar 9 18:04:53 CET 2004


On Sunday, March 7, 2004, 9:14:54 AM, Neil wrote:
> [Keep the secring.gpg on a USB stick etc.]
> This way, you can still sign in a public environment without
> compromising your secret key but ONLY because your secret key never
> gets stored on the public machine.
> [snip]
> IMHO, any secret keys that are accessible to more than the sole
> verifiable owner of the key MUST be revoked as hopelessly
> compromised.

Hm, so you're acting on the assumption that the admin (or any users
with root privileges) can't be trusted and that they will (at least
potentially) abuse their power.

Well, using a USB stick won't help you then. The evil admin could
trivially and automatically copy your secret key at exactly the moment
you're calling gpg. And no 10-word diceware passphrase will protect it
in this scenario, because the admin would log that just as well.

I know, I know, it _is_ (somewhat) safer to do it this way. The evil
admin has to jump through a few more hoops to get your key. But in the
end, it's just security by obscurity and might make you feel a lot
safer than it really is. IMHO at least.

So, ever done that USB stick thing? In this case, you should consider
your key "hopelessly compromised" and it "MUST be revoked". *smile*

Mark Kirchner

Key (0x19DC86D3):
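The thread's conclusion is that a key which has been exposed to an untrusted root "MUST be revoked". Below is an added example of doing exactly that on the command line; it is not part of the original message and not Mark's or Neil's code. It assumes a GnuPG 2.1 or later `gpg` on PATH, which writes a revocation certificate to `openpgp-revocs.d/` when a key is generated, and it works inside a throwaway GNUPGHOME with a made-up user ID so nothing touches a real keyring.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes GnuPG >= 2.1 as "gpg".
set -eu

# Create an isolated, throwaway GnuPG home so the example never touches a
# real keyring. Must be called in the current shell (it exports GNUPGHOME).
new_keyring() {
    GNUPGHOME=$(mktemp -d)
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
}

# Generate a constructed test key without a passphrase and print the
# fingerprint of its primary key. The user ID is made up for this example.
make_test_key() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-gen-key 'Example Key <example@example.invalid>' \
        default default never 2>/dev/null
    gpg --batch --with-colons --list-keys \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Revoke the key with the given fingerprint by importing the certificate
# that gpg stored under openpgp-revocs.d/ at generation time. gpg prefixes
# the armor header there with ':' so the file cannot be imported by
# accident; strip that and keep only the armored block, then import it.
revoke_key() {
    fpr=$1
    cert="$GNUPGHOME/openpgp-revocs.d/$fpr.rev"
    if [ ! -f "$cert" ]; then
        echo "no revocation certificate found for $fpr" >&2
        return 1
    fi
    sed -n 's/^:-----BEGIN/-----BEGIN/; /^-----BEGIN PGP/,/^-----END PGP/p' \
        "$cert" > "$GNUPGHOME/$fpr.revoke.asc"
    gpg --batch --quiet --import "$GNUPGHOME/$fpr.revoke.asc" 2>/dev/null
}

# Print the validity field of the primary key in --with-colons output.
# It reads "r" once the revocation has been imported.
key_validity() {
    gpg --batch --with-colons --list-keys "$1" \
        | awk -F: '$1 == "pub" { print $2; exit }'
}

# Stop the agent started for the throwaway home and delete it.
drop_keyring() {
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
}

# Stand-alone run: generate, show the key is valid, revoke, show it is revoked.
if [ "${1:-}" = "--demo" ]; then
    new_keyring
    FPR=$(make_test_key)
    echo "before: $FPR validity=$(key_validity "$FPR")"
    revoke_key "$FPR"
    echo "after:  $FPR validity=$(key_validity "$FPR")"
    drop_keyring
fi
```

For a real key the same import is what you would run against your normal GNUPGHOME, followed by `gpg --send-keys` (or whatever distribution channel the key's users rely on) so that the revocation actually reaches the people who verify your signatures; a revocation that only lives in your own keyring protects nobody else.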