----------------------------------------

From: f3yrlbz3pm6kidor3rtwgy6afwzhrfntf1mo89drhkjnd9ad5oe3o4s15ak0...@kolabnow.com
To: [email protected]
Date: May 25, 2026 02:36:47
Subject: intro

Just let me introduce myself: I am a GnuPG user looking for support. I am new to all of this gpg2; my experience goes back to original PGP.

How would this fine community recommend to make a standardized comment about keys being used in unsecure environments? For example buying an android™ off of the shelf and using keys with GnuPG Termux or Open Keychain is not sure because androids often have swap files which may be setup to dump memory and snag the private key.

Something like: Note also that some systems (especially android™) may have not secure swap files. This writes memory to disk. Unless measures are taken in the operating system to protect memory the sensitive material may be exposed.

Or: This key was created in an environment not known to be secure. (android™)

Or some combination of both as concise as possible.

Another to agree with myself upon the comment section should officially make this a standard lack of security comment tag.

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
