standard comment
marqueandreprisal at duck.com
marqueandreprisal at duck.com
Mon May 25 06:36:55 CEST 2026
----------------------------------------
From:
f3yrlbz3pm6kidor3rtwgy6afwzhrfntf1mo89drhkjnd9ad5oe3o4s15ak0j58 at kolabnow.com
To: gnupg-users_at_gnupg.org_marqueandreprisal at duck.com
Date: May 25, 2026 02:36:47
Subject: intro
> Just let me introduce myself I am a GnuPG user looking for support. I
> am new to all of this gpg2 my experiece goes back to original PGP.
How would this fine community recommend to make a standardized comment
about keys being used in unsecure environments. For example buying an
android™ off of the shelf and using keys with GnuPG Termux or Open
Keychain is not sure because androids often have swap files which may be
setup to dump memory and snag the private key.
Something like: Note also that some systems (especially android™) may
have not secure swap files. This writes memory to disk. Unless measures
are taken in the operating system to protect memory the sensitive
material may be exposed.
Or: This key was created in an environment not known to be secure.
(android™)
Or some combination of both as concise as possible.
Another to agree with myself upon the comment section should officialy
make this a standard lack of security comment tag.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 281 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20260525/1fbec747/attachment.sig>
More information about the Gnupg-users
mailing list