Is a .gnupg directory /w write access mandatory?
David Shaw
dshaw at jabberwocky.com
Sat May 1 19:21:30 CEST 2004
On Sat, May 01, 2004 at 05:16:12PM +0200, Joe Schulz wrote:
>
> Hello all,
>
> I am trying to use gnupg in a boot script for a high-security boot
> process. It only has to decrypt an ascii-armored symmetric ciphertext
> but at the moment it fails miserably because gnupg seems to ultimately
> demand write access to some .gnupg directory even if it is not needed
> for the task at all!
> At that point in the boot process there is no writable file system
> whatsoever because we still need to decrypt those keys for the file
> systems to mount! Talk about tail biting...
> I'd rather not mount a RAM-disk just for the purpose of getting around
> this, so is there some - maybe undocumented - way to make gnupg just
> decrypt my file and skip the ".gnupg" issue?
It is documented. The problem is that GnuPG is trying to save the
random number seed file. If you don't want this to happen, use
--no-random-seed-file.
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 330 bytes
Desc: not available
Url : /pipermail/attachments/20040501/46692a7a/attachment.bin
More information about the Gnupg-users
mailing list