gpgsafe - wrapper for gpg to protect against secret key atta
Lionel Elie Mamane
lionel@mamane.lu
Wed Jul 4 08:43:01 2001
--gKMricLos+KVdGMg
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Jul 03, 2001 at 07:05:32PM -0600, Kurt Fitzner wrote:
> > Hmm... If one person is able to edit your keyring, why won't she
> > be able to trojan the GnuPG binary, the gpgsafe wrapper, or simply
> > run "updategpgsafe", too?
> No. The 'updategpgsafe' script uses gpg to sign. This requires you
> to enter the passphrase for the secret key.
Yep, I overlooked that... The gpgsafe wrapper had better be writable
only by root, so it can't be trojaned...
--=20
Lionel Elie Mamane
RFC 1991 (PGP 2.x) 2048 bits Key Fingerprint (KeyID: 20C897E9):
85CF 986F 263E 8CD0 80FD 4B8C F5F9 C17D
OpenPGP DH/DSS 4096/1024 Key Fingerprint (KeyID: 3E7B4B73):
9DAD 3131 3ADA F50B D096 002A B1C4 7317 3E7B 4B73
--gKMricLos+KVdGMg
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7QrtGscRzFz57S3MRAoB2AJ9sImS8MSSuc2l5wH1ZmUkSVNxaNgCgwbVf
Juw1ujf3XQ6sQbwewUl9Y3A=
=CXyA
-----END PGP SIGNATURE-----
--gKMricLos+KVdGMg--