Implications of a common private keys directory in 2.1
caro at nymph.paranoici.org
Tue Nov 22 19:17:10 CET 2016
Peter Lebbing <peter at digitalbrains.com> wrote:
>On 22/11/16 02:54, Carola Grunwald wrote:
>> - In a multi-user environment the key owning recipient has to be granted
>> access to the private key with some sender being restricted to only use
>> the public key no matter whether there's any chance s/he guesses the
>> correct passphrase.
>That's what filesystem permissions are for? Like I just said in the
>other mail, if each user has their own system account, they can't access
>the files containing the encrypted private keys of other users.
You seriously recommend to run a dedicated gpg-agent instance for each
of dozens if not hundreds of mail service users? You have to consider
that these gpg-agent services are meant to persistent beyond the initial
data processing call. Compared with my current single-agent approach
with task-queuing not really resource-efficient, is it?
More information about the Gnupg-users