Thank you very much for the very informative information.  I have locked down 
some of the permissions.  

I attempted key signing but was not successful.  I received the following 
output:

[la...@lsftest1/usr/local/bin # ./gpg --edit-key REWARD
pub  1024D/C2126D6D  created: 2009-02-23  expires: never       usage: SC
                     trust: unknown       validity: unknown
sub  2048g/4D5AFE2E  created: 2009-02-23  expires: never       usage: E
[ unknown] (1). REWARD data interchange 2009

Command> sign
gpg: no default secret key: secret key not available

Command>

Any help is appreciated!

Thank you,
Connie Rodriguez 


>>> Daniel Kahn Gillmor <d...@fifthhorseman.net> 10/14/2009 3:17 PM >>>
Hi Connie--

On 10/14/2009 01:55 PM, CONNIE RODRIGUEZ wrote:
>  + /usr/local/bin/gpg -e -r REWARD 
> /law/test/law/test/interface/watsonwyatt/data/epay.txt
>                 gpg: WARNING: unsafe permissions on configuration file 
> `/home/lawhr/.gnupg/gpg.conf'

This suggests that your configuration file may be readable or writable
by other users.  You can view the permissions on that file with:

  ls -l /home/lawhr/.gnupg/gpg.conf

You can lock it down with:

  chmod go-rwx /home/lawhr/.gnupg/gpg.conf

(note here that "go-rwx" means "remove (-) read (r), write (w), and
execute (x) from group (g) and all other users (o)" )

If you're not sure about the concept of filesystem permissions, it's
worthwhile to think about them a bit.  They'll come up fairly often on
Unix systems.  Wikipedia has a good start:

http://en.wikipedia.org/wiki/File_system_permissions#Notation_of_traditional_Unix_permissions
 

>                 gpg: WARNING: unsafe enclosing directory permissions on 
> configuration file `/home/lawhr/.gnupg/gpg.conf'

This is due to a directory being potentially readable or writable by
other users.  You can lock down the "enclosing directory" with:

  chmod go-rwx /home/lawhr/.gnupg/

>                 gpg: WARNING: using insecure memory!

Search for "insecure memory" in the gpg manual page (try "man gpg") for
more information about this error under the BUGS section.  You may
either want to make gpg setuid root (if secure memory is important to
you) or to tell gpg to ignore this particular error by adding the
relevant option to your gpg.conf file.

>                 gpg: please see http://www.gnupg.org/faq.html for more 
> information

have you read this?  It's worth reading!  You might be interested in
section 6.1 in particular:

  http://www.gnupg.org/faq.html#q6.1 

>                 gpg: 4D5AFE2E: There is no assurance this key belongs to the 
> named user

This is likely because you've imported the "REWARD" key into your remote
system without indicating any particular "ultimate" ownertrust.

gpg does a fair amount of work to make sure that keys belong to who you
think they should belong to -- it doesn't make any sense to encrypt data
to a key if you aren't sure whose key it is.

Presumably, there is someone who is making reasonable assertions about
which keys belong to which entities, and signing those keys.  You
probably want to designate "ultimate" ownertrust for that certifier on
your server.  For example, if you hold key DECAFBAD privately
(off-server), but you use that key to sign the REWARD key, you could
import the DECAFBAD public key on the server, and then (still on the
server) do:

gpg --edit-key DECAFBAD
  trust

and then choose "ultimate" ownertrust.  Make sense?

>                 gpg: cannot open `/dev/tty': There is a request to a device 
> or address that does not exist.

I dunno why this is coming up; what operating system are you running
this on?  what version of gpg?  did you build it yourself, or is it the
version provided by your OS?

hth,

--dkg
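The two permission checks dkg describes above (the config file and its enclosing directory must carry no group/other bits), as an added shell example that is not from the thread or from GnuPG itself; the throwaway .gnupg directory and its contents are constructed for the demo:

```shell
# mode_of PATH: portable permission string such as "rw-------",
# taken from ls rather than GNU stat so it works on any Unix.
mode_of() {
    ls -ld "$1" | cut -c2-10
}

# is_private PATH: true when the group and other triplets are all "-",
# i.e. the state "chmod go-rwx" leaves behind.
is_private() {
    case "$(mode_of "$1")" in
        ???------) return 0 ;;
        *) return 1 ;;
    esac
}

# check_gnupg_perms DIR: mirrors the two conditions behind gpg's
# "unsafe permissions" and "unsafe enclosing directory permissions"
# warnings. Prints one finding per problem; returns 0 when locked down.
check_gnupg_perms() {
    dir=$1
    conf=$dir/gpg.conf
    rc=0
    if ! is_private "$dir"; then
        echo "unsafe enclosing directory permissions on $dir ($(mode_of "$dir")); fix: chmod go-rwx $dir"
        rc=1
    fi
    if [ -e "$conf" ] && ! is_private "$conf"; then
        echo "unsafe permissions on configuration file $conf ($(mode_of "$conf")); fix: chmod go-rwx $conf"
        rc=1
    fi
    return $rc
}

# demo: constructed .gnupg with the weak modes Connie's run warned about,
# then the fix from the reply applied and re-checked.
demo() {
    tmp=$(mktemp -d)
    mkdir -m 755 "$tmp/.gnupg"
    (umask 022; echo "# constructed gpg.conf" > "$tmp/.gnupg/gpg.conf")
    check_gnupg_perms "$tmp/.gnupg" || echo "(problems found, applying chmod go-rwx)"
    chmod go-rwx "$tmp/.gnupg" "$tmp/.gnupg/gpg.conf"
    check_gnupg_perms "$tmp/.gnupg" && echo "ok: $tmp/.gnupg is locked down"
    rm -rf "$tmp"
}
```

Run `demo` to see both warnings reproduced and then cleared; point `check_gnupg_perms` at a real `~/.gnupg` to audit it without invoking gpg.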




Please consider the environment before printing this e-mail.

This e-mail, facsimile, or letter and any files or attachments transmitted with it contains information that is confidential and privileged. This information is intended only for the use of the individual(s) and entity(ies) to whom it is addressed. If you are the intended recipient, further disclosures are prohibited without proper authorization. If you are not the intended recipient, any disclosure, copying, printing, or use of this information is strictly prohibited and possibly a violation of federal or state law and regulations. If you have received this information in error, please notify Children's Medical Center Dallas immediately at 214-456-4444 or via e-mail at priv...@childrens.com. Children's Medical Center Dallas and its affiliates hereby claim all applicable privileges related to this information.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
