Keeping .gnupg folder in cloud
Robert J. Hansen
rjh at sixdemonbag.org
Thu Sep 18 18:04:37 CEST 2014
> couldn't it also be that the owner/admin of the cloud makes changes to
> the keyring? Like adding/removing keys. Dependent on the trust model
> (like trust-always) this could be a very bad idea... Or it could result
> in a DOS as the evil admin deleted the secret parts of some key pairs..
The biggest risk is the gpg.conf file, actually. If the admin silently
adds another "encrypt-to" and you don't notice it, then you're totally
hosed.
Like I have said -- there are a lot of files in .gnupg that probably
should not be hosted in the cloud.
More information about the Gnupg-users
mailing list