Need non-writable --homedir

Werner Koch wk at gnupg.org
Mon Sep 11 09:32:04 CEST 2006


On Mon, 11 Sep 2006 00:16, Josef Wolf said:

>  1. It locks the keyring.  --lock-never will avoid this.  Is it safe
>     to use --lock-never as long as it is guaranteed that _only_ "gpg -e" 

If the keyrings are read-only, there is no need for locking. Thus
--lock-never is safe.

>  2. There's the random_seed file.  It is modified at every run.  How can
>     I handle this?  I bet it would be a security problem should someone
>     be able to read this file.  Would it be possible to put it into a
>     different directory?

Out of performance reasons it is better to have the random seed file
and it should be writable.  There is no way to have it in another
directory.  Thus it is better to follow Remco Post's suggestion and
have only the keyrings at a different location.

>  3. gpg writes temporary files into ~/.gnupg while encrypting.

No, it does not.  At least not if the keyrings are read-only and
locking is disabled.

The temporary files you encounter are from keyring write operations or
locking.



Shalom-Salam,

   Werner
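The layout Werner describes, as an added example that is not part of the thread and not GnuPG project code: the keyrings sit in a read-only location selected with --no-default-keyring/--keyring, --homedir points at a writable directory that holds only random_seed and the trustdb, and --lock-never disables the keyring locking that would otherwise create temporary files. All paths are assumptions; the permission checks read the mode string from `ls -ld` so they behave the same whether or not the caller is root (for whom `test -w` is always true).

```shell
#!/bin/sh
# Added example: read-only keyrings, writable --homedir for random_seed,
# locking disabled.  Paths and the recipient id are placeholders.

# mode string ("-rw-r--r--") of a file or directory, first 10 chars only
mode_of() {
  ls -ld "$1" | cut -c1-10
}

# Verify the layout before calling gpg:
#   - the keyring must have no write bit at all (owner, group, other)
#   - the homedir must be writable (random_seed lives there) and private
check_layout() {
  keyring=$1; homedir=$2
  case $(mode_of "$keyring") in
    ??w*|?????w*|????????w*)
      echo "refusing: keyring $keyring has a write bit set" >&2; return 1 ;;
  esac
  if [ ! -d "$homedir" ] || [ ! -w "$homedir" ]; then
    echo "refusing: homedir $homedir is not a writable directory" >&2; return 1
  fi
  case $(mode_of "$homedir") in
    ????------) ;;   # drwx------ : only the owner can read random_seed
    *) echo "refusing: homedir $homedir is group/world accessible" >&2; return 1 ;;
  esac
  return 0
}

# Argument list for gpg: read-only keyring, no default keyring, no locking.
# Printed one per line so a caller can inspect or reuse it.
gpg_readonly_args() {
  homedir=$1; keyring=$2
  printf '%s\n' --homedir "$homedir" \
                --no-default-keyring --keyring "$keyring" \
                --lock-never --batch --trust-model always
}

# Encrypt $4 to recipient $3 using the layout above; writes $4.gpg
encrypt_readonly() {
  homedir=$1; keyring=$2; recipient=$3; infile=$4
  check_layout "$keyring" "$homedir" || return 1
  # shellcheck disable=SC2046  # word-splitting the printed argument list is intended
  gpg $(gpg_readonly_args "$homedir" "$keyring") \
      --recipient "$recipient" --output "$infile.gpg" --encrypt "$infile"
}

# Example invocation (placeholder paths; requires gpg and a key for RECIPIENT):
#   chmod 700 /var/lib/app/gnupg-home
#   chmod 444 /usr/share/app/keys/pubring.gpg
#   encrypt_readonly /var/lib/app/gnupg-home /usr/share/app/keys/pubring.gpg RECIPIENT report.txt
```

check_layout is the part worth keeping even if the command line changes: it refuses to run when a keyring has become writable (so a locking or write path could be taken) or when the homedir is readable by other users, which is exactly the random_seed exposure the question worried about.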
