Thank you very much for the very informative information. I have locked down some of the permissions.
I attempted key signing but was not successful. I received the following output:

[la...@lsftest1/usr/local/bin # ./gpg --edit-key REWARD

pub  1024D/C2126D6D  created: 2009-02-23  expires: never  usage: SC
                     trust: unknown       validity: unknown
sub  2048g/4D5AFE2E  created: 2009-02-23  expires: never  usage: E
[ unknown] (1). REWARD data interchange 2009

Command> sign
gpg: no default secret key: secret key not available

Command>

Any help is appreciated!

Thank you,
Connie Rodriguez

>>> Daniel Kahn Gillmor <d...@fifthhorseman.net> 10/14/2009 3:17 PM >>>
Hi Connie--

On 10/14/2009 01:55 PM, CONNIE RODRIGUEZ wrote:
> + /usr/local/bin/gpg -e -r REWARD
> /law/test/law/test/interface/watsonwyatt/data/epay.txt
> gpg: WARNING: unsafe permissions on configuration file
> `/home/lawhr/.gnupg/gpg.conf'

This suggests that your configuration file may be readable or writable by other users. You can view the permissions on that file with:

    ls -l /home/lawhr/.gnupg/gpg.conf

You can lock it down with:

    chmod go-rwx /home/lawhr/.gnupg/gpg.conf

(note here that "go-rwx" means "remove (-) read (r), write (w), and execute (x) from group (g) and all other users (o)")

If you're not sure about the concept of filesystem permissions, it's worthwhile to think about them a bit. they'll come up fairly often on unix systems. wikipedia has a good start:

http://en.wikipedia.org/wiki/File_system_permissions#Notation_of_traditional_Unix_permissions

> gpg: WARNING: unsafe enclosing directory permissions on
> configuration file `/home/lawhr/.gnupg/gpg.conf'

This is due to a directory being potentially readable or writable by other users. You can lock down the "enclosing directory" with:

    chmod go-rwx /home/lawhr/.gnupg/

> gpg: WARNING: using insecure memory!

Search for "insecure memory" in the gpg manual page (try "man gpg") for more information about this error under the BUGS section. You may either want to make gpg setuid root (if secure memory is important to you) or to tell gpg to ignore this particular error by adding the relevant option to your gpg.conf file.

> gpg: please see http://www.gnupg.org/faq.html for more
> information

have you read this? It's worth reading! You might be interested in section 6.1 in particular:

http://www.gnupg.org/faq.html#q6.1

> gpg: 4D5AFE2E: There is no assurance this key belongs to the
> named user

this is likely because you've imported the "REWARD" key into your remote system without indicating any particular "ultimate" ownertrust.

gpg does a fair amount of work to make sure that keys belong to who you think they should belong to -- it doesn't make any sense to encrypt data to a key if you aren't sure whose key it is.

Presumably, there is someone who is making reasonable assertions about which keys belong to which entities, and signing those keys. You probably want to designate "ultimate" ownertrust for that certifier on your server.

For example, if you hold key DECAFBAD privately (off-server), but you use that key to sign the REWARD key, you could import the DECAFBAD public key on the server, and then (still on the server) do:

    gpg --edit-key DECAFBAD trust

and then choose "ultimate" ownertrust.

Make sense?

> gpg: cannot open `/dev/tty': There is a request to a device
> or address that does not exist.

i dunno why this is coming up; what operating system are you running this on? what version of gpg? did you build it yourself, or is it the version provided by your OS?

hth,

--dkg

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
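
Added example (not part of the original thread, and not GnuPG's own code): a POSIX shell audit of the two paths named in the warnings above, the GnuPG home directory and its gpg.conf. It applies the go-rwx rule from the reply rather than reproducing gpg's internal test; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit a GnuPG home directory for group/other access,
# following the "chmod go-rwx" advice in the reply.
# Function names are hypothetical; they are not gpg commands.

# Print the 9-character permission string (e.g. rwxr-xr-x) for a path.
perm_string() {
    # ls -ld prints the file type character first, then the 9 mode characters.
    ls -ld -- "$1" | cut -c2-10
}

# Return 0 if group and other have no access at all, 1 otherwise.
is_private() {
    case "$(perm_string "$1")" in
        ???------) return 0 ;;
        *)         return 1 ;;
    esac
}

# Check the directory and its gpg.conf. Prints one line per finding and
# returns the number of findings (0 means both paths are private).
audit_gnupg_home() {
    home=$1
    findings=0
    for path in "$home" "$home/gpg.conf"; do
        [ -e "$path" ] || continue
        if ! is_private "$path"; then
            echo "unsafe: $path ($(perm_string "$path")); fix: chmod go-rwx $path"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Remove group/other access from the directory and its gpg.conf.
lock_down_gnupg_home() {
    chmod go-rwx "$1"
    [ -e "$1/gpg.conf" ] && chmod go-rwx "$1/gpg.conf"
    return 0
}
```

After sourcing the file, run audit_gnupg_home "$HOME/.gnupg" to list findings and lock_down_gnupg_home "$HOME/.gnupg" to apply the fix.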