gpg use in Debian popcon

Werner Koch wk at gnupg.org
Thu Aug 1 09:44:50 CEST 2013


On Wed, 31 Jul 2013 13:51, Bill.Allombert at math.u-bordeaux1.fr said:

> gpg --no-default-keyring --keyring debian-popcon.gpg --trust-model=always \
>     --armor -o "$POPCONGPG" -r "$POPCONKEY" --encrypt "$POPCON"

You had better add the option "--batch" and because you are using "-o" you
should also use "--yes" so that an existing output file will be
overwritten.

> 1) This creates spurious empty files in /root/.gnupg

Well it should at least create a random_seed file.  This is in general a
good idea.  If you don't want it use "--no-random-seed-file".

As Daniel already mentioned, using "--no-options" inhibits the creation
of the standard ~/.gnupg directory.

What other files that you don't want are created?

What is the problem with these files?  After all root is using gpg and
thus it needs to keep some state.  Agreed, your application is quite
special in that you only need one key and thus it seems to be
superfluous.  But what if a script needs to verify a signature - root
will need a .gnupg as well.

> 2) I was told --keyring will be removed in gpg2, and obviously I cannot
> use gpgv.

No, that is not the case.  I talked about removing the support for
multiple keyrings, because that has a lot of problems.  The option to
specify a keyring for the public keys will not go away.  The option
--secret-keyring will have no more effect in 2.1.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
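
The options discussed in this message, combined into one unattended invocation (an added example, not part of the original post and not popularity-contest's own code). The function name, the `GPG` override variable and the write-to-temp-then-rename step are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: encrypt a report to a single recipient from a cron job.
# Hypothetical names: encrypt_report, GPG (lets a caller pick the binary).

GPG=${GPG:-gpg}

# encrypt_report KEYRING RECIPIENT INFILE OUTFILE
# KEYRING should be a path containing a slash; a bare file name is
# looked up in the GnuPG home directory.
encrypt_report() {
    keyring=$1 recipient=$2 infile=$3 outfile=$4
    tmp="$outfile.tmp.$$"

    # --no-options          read no options file, do not create ~/.gnupg
    # --no-random-seed-file do not write a random_seed file
    # --batch               never prompt (no terminal under cron)
    # --yes                 overwrite an existing -o target (such as a
    #                       stale temp file) instead of asking
    if "$GPG" --no-options --no-random-seed-file --batch --yes \
            --no-default-keyring --keyring "$keyring" \
            --trust-model=always --armor \
            -o "$tmp" -r "$recipient" --encrypt "$infile" \
       && [ -s "$tmp" ]; then
        # Assumption: replace the old output only after gpg succeeded
        # and produced a non-empty file.
        mv -f "$tmp" "$outfile"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

Called as `encrypt_report /path/to/debian-popcon.gpg "$POPCONKEY" "$POPCON" "$POPCONGPG"`, it returns non-zero and leaves any previous output file untouched when gpg fails.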



