Need non-writable --homedir
Josef Wolf
jw at raven.inka.de
Mon Sep 11 21:49:42 CEST 2006
Thanks for your response, Robert!
On Sun, Sep 10, 2006 at 05:36:33PM -0500, Robert J. Hansen wrote:
> Josef Wolf wrote:
> > 1. It locks the keyring. --lock-never will avoid this. Is it safe
> > to use --lock-never as long as it is guaranteed that _only_ "gpg -e"
> > is ever run? No key generation, no imports, no signing. Only
> > "gpg -e". Is this safe?
>
> Locking is a concurrency mechanism. As such, as long as you can
> guarantee that only one process will ever use the keyring, you should be
> fine regardless of what you do.
>
> Concurrent encryptions should be safe as well.
OK.
> > 2. There's the random_seed file. It is modified at every run.
>
> With good reason. Random number generation is important, and if you
> keep the same seed values it's possible for the same values to be
> generated, in which case it's not very random at all.
I wondered why /dev/random is not used.
It seems that "gpg -e --no-random-seed-file --lock-never -r foobar" does
what I want. With this, only a warning about trustdb not being writable
is issued. Can I safely ignore this warning? Does --no-random-seed-file
force /dev/random to be used?
> > Any ideas?
>
> My first idea, and I think the best suggestion, is to look into
> rearchitecting your solution so that this kind of lockdown isn't
> necessary.
I think my architecture should be OK. But I'm open for suggestions.
Here's a (simplified, because it is OT on this list) description of
what I try to do:
The goal is to make backups over the network (similar to amanda).
For this I set up an account named "backupserver" on the server and a
"backupclient" on the client. Backupserver's public key is copied to
backupclient at client:~/.ssh/authorized_keys. Backupserver initiates
a backup via
$ ssh backupclient@client sudo /usr/local/bin/sendbackup >out
sendbackup runs gnutar as root and gpg as backupclient. To make sure
that backupserver@server is not able to request unencrypted data, I need
to make sure that backupclient is not able to modify the keyring.
Please drop me a note if you see any flaws in such a setup.
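As an added illustration (not part of the thread) of the sendbackup wrapper described above, the script below refuses to run unless the gpg homedir and keyring files are owned by someone other than the unprivileged gpg account and are not group- or world-writable, then pipes tar (as root) into gpg (as backupclient) with the options discussed. The homedir path /etc/backup/gnupg, the recipient user-id and the tar paths are assumptions.

```shell
#!/bin/sh
# Hypothetical sendbackup wrapper (added example, not from the thread).
# Assumed layout: GPG_HOME is owned by root, mode 0555, files 0444, so the
# backupclient account can read the keyring but never replace the recipient key.
set -eu

GPG_HOME=/etc/backup/gnupg    # assumed path
GPG_USER=backupclient
RECIPIENT=backupserver        # assumed key user-id

# Return 0 only if the homedir and its keyring files are neither owned by
# the gpg user nor writable by group/other. Uses ls(1) so it also works as root.
keyring_locked_down() {
    dir=$1; user=$2
    for f in "$dir" "$dir/pubring.gpg" "$dir/trustdb.gpg"; do
        [ -e "$f" ] || continue
        line=$(ls -ld "$f")
        perms=${line%% *}
        owner=$(printf '%s\n' "$line" | awk '{print $3}')
        case "$perms" in
            ?????w*|????????w*) return 1 ;;   # group or world write bit set
        esac
        [ "$owner" != "$user" ] || return 1  # gpg user must not own it
    done
    return 0
}

# Options from the thread: no seed file to write, no lock file to create.
gpg_opts() {
    printf '%s' "--homedir $1 --no-random-seed-file --lock-never -e -r $2"
}

run_backup() {
    keyring_locked_down "$GPG_HOME" "$GPG_USER" || {
        echo "sendbackup: keyring in $GPG_HOME is modifiable by $GPG_USER" >&2
        return 1
    }
    # tar runs as root (we were invoked via sudo); gpg is dropped to the
    # unprivileged account. Stdout is the ciphertext that ssh carries back.
    tar -C / -cf - etc home | sudo -u "$GPG_USER" gpg $(gpg_opts "$GPG_HOME" "$RECIPIENT")
}

case "${1:-}" in
    run) run_backup ;;
esac
```

Invoke as `sendbackup run` from the sudo rule; with no argument the script only defines its functions.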