<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body>
<div dir="ltr">
<div></div>
<div>
<div>The 100+ servers only read the key. Each user ID has a sub-directory under a generic location so there are no warnings printed by gpg when using the key to decrypt files. Any operation that encrypts files imports the global key locally or uses User IDs
that have the same key locally and uses it for the encrypting.</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">Again, the concern using the global keystore on the NAS is that it doesn’t cause issues if multiple servers are decrypting different files at the same time using the same key without using the random_seed file. Using the —no-random-seed-file
would eliminate the file locking issue, I believe.</div>
<div><br>
</div>
<div class="ms-outlook-ios-signature"></div>
</div>
<div id="id-073207dc-457f-4f9b-b6c9-9854bc696ed4" class="ms-outlook-mobile-reference-message">
<hr style="display: inline-block; width: 98%; font-family: -webkit-standard; font-size: 12pt; color: rgb(0, 0, 0);" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif"><b>From:</b> Gnupg-users <gnupg-users-bounces@gnupg.org> on behalf of Ángel <angel@pgp.16bits.net><br>
<b>Sent:</b> Sunday, April 25, 2021 7:51 PM<br>
<b>To:</b> gnupg-users@gnupg.org<br>
<b>Subject:</b> Re: Random_seed File Locking on NFS File System Across Networks/Domains Hangs
<div> </div>
</font></div>
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style><font size="2"><span style="font-size:11pt;">
<div class="PlainText">On 2021-04-25 at 13:11 +0000, Charlie Salemi via Gnupg-users wrote:<br>
> Would ignoring the file locking on the random_seed file with the --<br>
> no-random-seed-file option cause issues with independent processes<br>
> accessing the same keystore at the same time on different servers? <br>
> If so, what are those issues, and can they be avoided/worked around?<br>
<br>
No. Not using the random seed files means just, not using that file. It<br>
isn't used for synchronization.<br>
Although, you could face the same issue when they try to lock other<br>
files. How are you handling the changes to that keystore? Are those 100<br>
servers only reading the keys, or are they also *modifying* it (e.g.<br>
importing new keys) ?<br>
<br>
<br>
<br>
_______________________________________________<br>
Gnupg-users mailing list<br>
Gnupg-users@gnupg.org<br>
<a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.gnupg.org%2Fmailman%2Flistinfo%2Fgnupg-users&data=04%7C01%7C%7C9d89eb24058444eb94e008d908450ce8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637549914956463495%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=SwbfvbDf97w%2F%2FOPExS57YixLJgD%2B3fdfKT94OgtXIvM%3D&reserved=0">https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.gnupg.org%2Fmailman%2Flistinfo%2Fgnupg-users&data=04%7C01%7C%7C9d89eb24058444eb94e008d908450ce8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637549914956463495%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=SwbfvbDf97w%2F%2FOPExS57YixLJgD%2B3fdfKT94OgtXIvM%3D&reserved=0</a><br>
</div>
</span></font></div>
</div>
</body>
</html>