Sign key with externalized master key

flapflap flapflap at riseup.net
Thu Feb 12 00:08:21 CET 2015


Xavier Maillard:
> 
> Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:
> 
>> On Wed 2015-02-11 00:41:18 -0500, Xavier Maillard wrote:
>>> May I ask how one would sign public keys when a "master key" is
>>> stored onto a USB stick?
>>>
>>> I followed instructions from [1]. Now I am in the process of
>>> announcing my key transition to all old signers *but*, as a last
>>> test, I just tested public signature with my "master key" and this is
>>> where troubles occur:
>>>
>>> LANG=C gpg --home /Volumes/FSF/.gnupg --recv-keys <A KEYID>
>>> gpg: WARNING: unsafe permissions on homedir `/Volumes/FSF/.gnupg'
>>> gpg: external program calls are disabled due to unsafe options file permissions
>>> gpg: keyserver communications error: General error
>>> gpg: keyserver receive failed: General error
>>>
>>> So what? My USB stick is formatted using exFAT so permissions are
>>> something unknown.
>>
>> The fact that you're using a FAT volume is the root cause here; FAT
>> filesystems do not have ownership or permissions, so when a modern OS
>> mounts them, it has to fake permissions for these files.
> 
> Thank you for this precision. Are you aware of some "portable" and
> well supported by the 3-major OSes filesystem type?

Since your issue only affects signing of other keys - which normally is
not a daily scenario - what about using a GNU/Linux live system/CD/USB
for that purpose?
That way you can use a normal GNU/Linux supported filesystem and don't
have to worry whether to trust your normal OS or which filesystem is
compatible with all OSes you intend to use.

~flapflap
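
A pre-flight check for the situation discussed in this thread, as an added example that is not part of the original messages and is not GnuPG's own code: it tests whether a candidate GnuPG home directory is owned by the current user with no group/other access, tries `chmod 700`, and reports when the mode cannot be changed, as on a mount whose permissions are faked. The function names and the exact "safe" rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for a GnuPG home directory on removable media.
# Assumption: the directory is "safe" when the current user owns it and
# group/other have no access bits, i.e. the state `chmod 700` produces.

# Print the nine permission characters of DIR, e.g. "rwx------".
dir_mode() {
    ls -ld "$1" | cut -c2-10
}

# check_gnupg_home DIR -> 0 safe, 1 unsafe, 3 not a directory
check_gnupg_home() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 3; }
    if [ ! -O "$dir" ]; then
        echo "unsafe: $dir is not owned by the current user" >&2
        return 1
    fi
    case $(dir_mode "$dir") in
        ???------) return 0 ;;
    esac
    echo "unsafe: mode $(dir_mode "$dir") on $dir" >&2
    return 1
}

# harden_gnupg_home DIR -> 0 safe (possibly after chmod), 2 still unsafe
# after chmod (as on a mount whose modes are faked), 3 not a directory.
harden_gnupg_home() {
    rc=0
    check_gnupg_home "$1" 2>/dev/null || rc=$?
    case $rc in
        0|3) return "$rc" ;;
    esac
    chmod 700 "$1" 2>/dev/null || true
    check_gnupg_home "$1" && return 0
    echo "chmod had no effect: filesystem likely lacks POSIX permissions" >&2
    return 2
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    harden_gnupg_home "$1"
fi
```

An exit status of 2 means the directory should be moved to a filesystem that stores ownership and modes before it is used as a GnuPG home.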


