I run Thunderbird with GnuPG on a dual-OS machine (Ubuntu 14.04 and Windows 8.1). I use symlinks to forward Ubuntu's GnuPG to the Windows GnuPG (following https://superuser.com/questions/852229/gnupg-in-thunderbird-w-enigmail-on-dual-os-machine). I automount the Windows partition through fstab with the options defaults,windows_names,rw,auto,user,exec, which grants full permissions on the GnuPG configuration files on the Windows side: -rwxrwxrwx 1 root root.
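As far as I understand from "What does 'unsafe permissions on configuration file /home/david/.gnupg/gpg.conf' mean and how do I fix it?", GnuPG complains that the configuration files have too many permissions, e.g. when I import keys. A warning message is shown below.
Ideally, it should only have -rw-------. To have that few permissions on the configuration files, I would have to mount with other parameters. But then I would have read-write access for the whole partition, which I do not want, because I do execute some files.
Another way would be to import keys only in Windows. Both ways are inconvenient.
Is there any other way to stop GnuPG from complaining? For example, can I ignore GnuPG's warnings?
Here is GnuPG's warning message: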
Importing the keys failed
gpg: WARNING: unsafe permissions on configuration file `/home/michael/.gnupg/gpg.conf'
gpg: WARNING: unsafe enclosing directory permissions on configuration file `/home/michael/.gnupg/gpg.conf'
gpg: invalid size of lockfile `/home/michael/.gnupg/pubring.gpg.lock'
gpg: cannot read lockfile
gpg: can't lock `/home/michael/.gnupg/pubring.gpg'
gpg: invalid size of lockfile `/home/michael/.gnupg/secring.gpg.lock'
gpg: cannot read lockfile
gpg: can't lock `/home/michael/.gnupg/secring.gpg'
gpg: error writing keyring `/home/michael/.gnupg/pubring.gpg': general error
gpg: key B5CECC76: public key "[User ID not found]" imported
gpg: error reading `/tmp/0xB5CECC76.asc': general error
gpg: import from `/tmp/0xB5CECC76.asc' failed: general error
gpg: Total number processed: 0
gpg: imported: 1 (RSA: 1)
Answer 1
Perhaps sharing the entire configuration file/directory is what causes the problem, and another approach might work better.
Perhaps a "shared keyring scheme" would be better; see man gpg.
Here are some options that may be useful:

--keyring file
    Add file to the current list of keyrings. If file begins with a tilde and a slash, these are replaced by the $HOME directory. If the filename does not contain a slash, it is assumed to be in the GnuPG home directory ("~/.gnupg" if --homedir or $GNUPGHOME is not used). Note that this adds a keyring to the current list. If the intent is to use the specified keyring alone, use --keyring along with --no-default-keyring.

--secret-keyring file
    Same as --keyring but for the secret keyrings.

--primary-keyring file
    Designate file as the primary public keyring. This means that newly imported keys (via --import or keyserver --recv-from) will go to this keyring.

--no-default-keyring
    Do not add the default keyrings to the list of keyrings. Note that GnuPG will not operate without any keyrings, so if you use this option and do not provide alternate keyrings via --keyring or --secret-keyring, then GnuPG will still use the default public or secret keyrings.

Possible options for using different subkeys
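A sketch of the shared keyring scheme from the answer above, as an added example that is not part of the original post: gpg.conf and its directory stay on the Linux filesystem with owner-only permissions (the two items the quoted warnings name), and only the keyring files live on the shared partition. The function names and all paths are hypothetical, and the check looks at mode bits only, not at file ownership.

```shell
#!/bin/sh
# Added example; function names and paths are hypothetical.

# mode_of PATH: print the 10-character mode string, e.g. "drwx------".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# make_local_gnupg_home HOME_DIR SHARED_DIR
# Create a private GnuPG home whose gpg.conf points at keyrings kept in
# SHARED_DIR (for example a directory on the mounted Windows partition).
make_local_gnupg_home() {
    home_dir=$1
    shared_dir=$2
    old_umask=$(umask)
    umask 077                      # new files 0600, new directories 0700
    mkdir -p "$home_dir" || { umask "$old_umask"; return 1; }
    chmod 700 "$home_dir"          # in case the directory already existed
    cat > "$home_dir/gpg.conf" <<EOF
# Options from the man page excerpt, written without the leading dashes.
no-default-keyring
keyring $shared_dir/pubring.gpg
secret-keyring $shared_dir/secring.gpg
EOF
    chmod 600 "$home_dir/gpg.conf"
    umask "$old_umask"
}

# check_gnupg_home HOME_DIR: succeed only if the directory and its gpg.conf
# grant nothing to group or others (mode bits only; ownership is not checked).
check_gnupg_home() {
    rc=0
    for p in "$1" "$1/gpg.conf"; do
        case $(mode_of "$p") in
            ????------) ;;
            *) echo "unsafe: $p $(mode_of "$p")" >&2; rc=1 ;;
        esac
    done
    return $rc
}
```

The resulting directory is selected with --homedir or $GNUPGHOME, both named in the man page excerpt.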