security of local keyring

metalevel at metalevel at
Mon Jul 22 17:19:48 CEST 2019


I want to use GPG for rather simple authentication of downloaded files. I made a test installation on a Windows box, then imported and validated (via fingerprint) the public keys of some sources.

Now I have the following question. Is there some means of access control for the public keyring?
It seems, there is no privilege distinction between managing the local keyring and using it. When the user is able to freely import and delete public keys, there's no prevention of some malware tampering with the keyring either.

More information about the Gnupg-users mailing list