gpgme: Pre-loading keyrings?
Jann Fischer
rezine at mistrust.net
Sun May 18 22:23:01 CEST 2003
Hello list,
is it, or could it by any means be, possible to "pre load" a keyring to
use with gpgme? The reason for this question is, to have an application
run in a minimalistic chroot(2) environment without exposing the keyring
in case an attacker could gain access through the application. I thought
on something like:
--<snip>--
/* running privileged, bad idea yadda yadda */
GpgmeKeyring keyring;
/* Loads from default location, $HOME/.gnupg */
keyring = gpgme_load_keyring();
chroot("/var/somewhere"); chdir("/");
setgid(32768); setuid(32768);
/* [...] */
gpgme_new(&ctx);
/*
Tell the gpgme context to use the preloaded keyring object instead
of looking for it in $HOME/.gnupg
*/
gpgme_set_keyring(ctx, keyring);
gpgme_decrypt(...);
--<snap>--
I'm quite sure it's not possible already, yet I think it would be a
pretty nice feature to have. So, does the current overall design in
GnuPG / libgpgme prevent this feature at all, or would it (by hacking
something up) be possible to implement this functionality?
Just a thought and something I could need for an application I write.
Cheers,
Jann
--
Be careful who you follow.
0x6D839821 | FA8C 3663 9906 D8C3 AC16 F7C4 66E0 F351 6D83 9821
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20030518/29b3f79c/attachment.bin
More information about the Gnupg-devel
mailing list