Sign key with externalized master key

flapflap flapflap at
Thu Feb 12 00:08:21 CET 2015

Xavier Maillard:
> Daniel Kahn Gillmor <dkg at> writes:
>> On Wed 2015-02-11 00:41:18 -0500, Xavier Maillard wrote:
>>> May I ask how one would sign public keys when a "master key" is
>>> stored onto an USB stick ?
>>> I followed instructions from [1]. Now I am in the process of
>>> announcing my key transition to all old signers *but*, as a last
>>> test, I just tested public signature with my "master key" and this is
>>> where troubles occur:
>>> LANG=C gpg --home /Volumes/FSF/.gnupg --recv-keys <A KEYID>
>>> gpg: WARNING: unsafe permissions on homedir `/Volumes/FSF/.gnupg'
>>> gpg: external program calls are disabled due to unsafe options file permissions
>>> gpg: keyserver communications error: General error
>>> gpg: keyserver receive failed: General error
>>> So what ? My USB stick is formated using extFat so permissions are
>>> something unknown.
>> The fact that you're using a FAT volume is the root cause here; FAT
>> filesystems do not have ownership or permissions, so when a modern OS
>> mounts them, it has to fake permissions for these files.
> Thank you for this precision. Are you aware of some "portable" and
> well supported by the 3-major OSes filesystem type ?

Since your issue only affects signing of other keys - which normally is
not a daily scenario - what about using a GNU/Linux live system/CD/USB
for that purpose?
That way you can use a normal GNU/Linux supported filesystem and don't
have to worry whether to trust your normal OS or which filesystem is
compatible with all OSses you intend to use.


More information about the Gnupg-users mailing list