Sign key with externalized master key
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Feb 13 23:42:34 CET 2015
On Wed 2015-02-11 17:31:42 -0500, Xavier Maillard wrote:
> Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:
>
>> The fact that you're using a FAT volume is the root cause here; FAT
>> filesystems do not have ownership or permissions, so when a modern OS
>> mounts them, it has to fake permissions for these files.
>
> Thank you for this precision. Are you aware of some "portable" and
> well supported by the 3-major OSes filesystem type ?
FAT, alas, is the portable filesystem that you're looking for.
UDF, mentioned elsewhere in this thread, is a read-only filesystem, and
i think it doesn't have ownership or permissions either.
I see two approaches:
a) figure out how to get each operating system to mount the volume with
tighter permissions
b) convince gpg that looser permissions on fat32 filesystems are
acceptable
I think (b) is the wrong way to go -- gpg is pointing out, rightly, that
your sensitive data is exposed.
So that leaves (a), which probably needs to be fixed anyway. Your
operating system is exposing sensitive data from your USB stick (which
is supposed to be only yours, since you plugged it in while you were in
control of the machine) to any other user account on the computer.
Reporting this bug to your OS vendor would be a good thing, because it
would help other users of the same OS.
--dkg
More information about the Gnupg-users
mailing list