--lock-never key corruption with encryption only?

Lenny Marks lenny at aps.org
Wed Jan 10 04:45:06 CET 2007


I'm attempting to use gpg to encrypt account information entered via
a web application which will then be emailed to an external site (a
single destination). Just to verify my understanding (and please
correct me if I'm wrong), in a normal usage scenario, I would use the
public key of my email recipient to encrypt the messages. To ensure
that the public key being used hasn't been compromised, I would sign
it using my private key. This way, if someone were to alter the public
key, gpg would detect that the signatures don't match during the
encryption process and complain.

Now to complicate things, my webapp isn't dedicated to me. It's an
Apache server that runs as www:www or something like that. So I can't
access the webserver user directly. I was thinking that I would use
my own account to sign the key and use the --homedir option to point
at my .gnupg directory. I wanted to make that directory group
owned by the webserver group (www) and make it group read-only. I was
concerned about giving group write access because anyone/process in
the webserver group would be able to compromise the keys.

 > gpg --homedir=/Users/lenny/.gnupg --output test.pgp --encrypt \
       --recipient myrecipient at somewhere.com $HOME/x.txt

gpg: WARNING: unsafe ownership on homedir `/Users/lenny/.gnupg'
gpg: failed to create temporary file `/Users/lenny/.gnupg/.#lk0x5008f0.lennylt.20080': Permission denied
gpg: fatal: can't create lock for `/Users/lenny/.gnupg/trustdb.gpg'
secmem usage: 1408/1408 bytes in 2/2 blocks of pool 1408/32768

Now I've been able to get it to work by using the following:

 > gpg --homedir=/Users/lenny/.gnupg --output test.pgp --encrypt \
       --no-random-seed-file --lock-never \
       --recipient myrecipient at somewhere.com $HOME/x.txt

--no-random-seed-file, as far as I can tell, only impacts performance
(encryption performance?), which I can live with. It won't work
without the --lock-never, but I was concerned about using that. The
documentation states:
<quote>
Disable locking entirely. This option should be used only in very  
special environments, where it can be assured that only one process  
is accessing those files. A bootable floppy with a stand-alone  
encryption system will probably use this. Improper usage of this  
option may lead to data and key corruption.
</quote>

It seems that all I need is to read the keys, so do I still need to  
be concerned about key corruption even if multiple processes may be  
accessing the files?

Thanks,
-lenny

Lenny Marks
Senior Software Engineer
American Physical Society
lenny at aps.org
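As an added example (not part of Lenny's post, and not GnuPG's own code): a small POSIX shell script that checks a homedir for the conditions behind the errors shown above (the invoking user must own the directory, and must be able to write to it so gpg can create its .#lk* lock file for trustdb.gpg), and that sets up a dedicated homedir for the web-server user so that neither --lock-never nor --no-random-seed-file is needed. The signer's public key is imported together with the signer's ownertrust, so a recipient key signed by that key stays valid in the new keyring, which preserves the tamper check described in the post. The user name www, the path /var/www/.gnupg-app and the file names keys.asc and otrust.txt are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions (not in the original message): the web server runs as user
# "www", the dedicated homedir is /var/www/.gnupg-app, and keys.asc /
# otrust.txt are produced by the key owner with export_for_app below.

# Print the reasons DIR is not a clean GnuPG homedir for the calling user,
# or "ok" if there are none.
# - not owned by us       -> gpg warns "unsafe ownership on homedir"
# - not writable by us    -> gpg cannot create the .#lk* lock for
#                            trustdb.gpg (the fatal error in the post)
#                            or write its random_seed file
# - group/world bits set  -> gpg warns about unsafe permissions
homedir_status() {
    dir=$1
    problems=""
    if [ ! -d "$dir" ]; then
        echo missing
        return 1
    fi
    owner=$(ls -ldn "$dir" | awk '{ print $3 }')   # numeric uid, portable
    mode=$(ls -ld "$dir" | awk '{ print $1 }')     # e.g. drwx------
    [ "$owner" = "$(id -u)" ] || problems="$problems unsafe-ownership"
    [ -w "$dir" ]             || problems="$problems not-writable"
    case "$mode" in
        d???------*) ;;                            # only owner bits set
        *) problems="$problems unsafe-permissions" ;;
    esac
    if [ -z "$problems" ]; then
        echo ok
        return 0
    fi
    echo "${problems# }"
    return 1
}

# Run as the key owner (the person who signed the recipient's key):
# bundle both public keys and the owner's ownertrust for the app homedir.
export_for_app() {
    signer=$1 recipient=$2
    gpg --armor --export "$signer" "$recipient" > keys.asc
    gpg --export-ownertrust > otrust.txt
}

# Run as the web-server user (e.g. sudo -u www): create a homedir it owns,
# mode 700, so gpg can take its trustdb lock and write random_seed
# normally. Importing the signer's ownertrust (ultimate) makes the
# signer's signature on the recipient key count, so the recipient key is
# valid and tampering with it is still detected.
setup_app_homedir() {
    homedir=$1 keys=$2 otrust=$3
    mkdir -p "$homedir"
    chmod 700 "$homedir"
    gpg --homedir "$homedir" --batch --quiet --import "$keys"
    gpg --homedir "$homedir" --batch --quiet --import-ownertrust "$otrust"
}

# Run from the web application as the web-server user: no --lock-never,
# no --no-random-seed-file.
encrypt_for_recipient() {
    homedir=$1 recipient=$2 in=$3 out=$4
    gpg --homedir "$homedir" --batch --yes \
        --output "$out" --encrypt --recipient "$recipient" "$in"
}

# Usage (assumed names):
#   export_for_app lenny@example.org myrecipient@somewhere.com   # as lenny
#   sudo -u www sh -c '. ./this.sh;
#       setup_app_homedir /var/www/.gnupg-app keys.asc otrust.txt'
#   homedir_status /var/www/.gnupg-app                            # as www
#   encrypt_for_recipient /var/www/.gnupg-app myrecipient@somewhere.com \
#       account.txt account.pgp                                   # as www
```

The status check is what Lenny's own invocation would have failed: his account owns /Users/lenny/.gnupg and the www user cannot write to it, so the lock file cannot be created and --lock-never becomes the only way through. Giving the web-server user its own 700 homedir removes both problems instead of disabling locking.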

More information about the Gnupg-users mailing list