Keeping .gnupg folder in cloud

Robert J. Hansen rjh at sixdemonbag.org
Thu Sep 18 18:04:37 CEST 2014


> couldn't it also be that the owner/admin of the cloud makes changes to
> the keyring? Like adding/removing keys. Dependent on the trust model
> (like trust-always) this could be a very bad idea... Or it could result
> in a DOS as the evil admin deleted the secret parts of some key pairs..

The biggest risk is the gpg.conf file, actually.  If the admin silently
adds another "encrypt-to" and you don't notice it, then you're totally
hosed.

Like I have said -- there are a lot of files in .gnupg that probably
should not be hosted in the cloud.



More information about the Gnupg-users mailing list