Sign key with externalized master key

Daniel Kahn Gillmor dkg at
Fri Feb 13 23:42:34 CET 2015

On Wed 2015-02-11 17:31:42 -0500, Xavier Maillard wrote:
> Daniel Kahn Gillmor <dkg at> writes:
>> The fact that you're using a FAT volume is the root cause here; FAT
>> filesystems do not have ownership or permissions, so when a modern OS
>> mounts them, it has to fake permissions for these files.
> Thank you for this precision. Are you aware of some "portable" and
> well supported by the 3-major OSes filesystem type ?

FAT, alas, is the portable filesystem that you're looking for.

UDF, mentioned elsewhere in this thread, is a read-only filesystem, and
i think it doesn't have ownership or permissions either.

I see two approaches:

 a) figure out how to get each operating system to mount the volume with
    tighter permissions

 b) convince gpg that looser permissions on fat32 filesystems are

I think (b) is the wrong way to go -- gpg is pointing out, rightly, that
your sensitive data is exposed.

So that leaves (a), which probably needs to be fixed anyway.  Your
operating system is exposing sensitive data from your USB stick (which
is supposed to be only yours, since you plugged it in while you were in
control of the machine) to any other user account on the computer.

Reporting this bug to your OS vendor would be a good thing, because it
would help other users of the same OS.



More information about the Gnupg-users mailing list