2

I am running Thunderbird with GnuPG on a dual OS machine (Ubuntu 14.04 and Windows 8.1). I forward Ubuntu's GnuPG to the Windows GnuPG with a symlink (according to https://superuser.com/questions/852229/gnupg-in-thunderbird-w-enigmail-on-dual-os-machine). I automount the Windows partition with defaults,windows_names,rw,auto,user,exec using fstab, which gives full rights to GnuPG's config file on the Windows part: -rwxrwxrwx 1 root root.

As I know from "Unsafe permissions on configuration file `/home/david/.gnupg/gpg.conf" What does it mean and how to fix?, GnuPG complains about too many rights for the config file, e.g. when I import keys. A warning message is below.

Optimally, it should only be -rw-------. To have that few permissions on the config file, I should mount with other parameters. But then I had read and write access for the entire partition - which I don't want, because I really execute some of the files.

Another way would be to import keys only when I'm in Windows. Both ways are quite inconvenient.

Is there another way to stop GnuPG complaining? Can I, for example, override GnuPG's warnings?

Here is GnuPG's warning message:

    Importing the keys failed

    gpg: WARNING: unsafe permissions on configuration file `/home/michael/.gnupg/gpg.conf'
    gpg: WARNING: unsafe enclosing directory permissions on configuration file `/home/michael/.gnupg/gpg.conf'
    gpg: invalid size of lockfile `/home/michael/.gnupg/pubring.gpg.lock'
    gpg: cannot read lockfile
    gpg: can't lock `/home/michael/.gnupg/pubring.gpg'
    gpg: invalid size of lockfile `/home/michael/.gnupg/secring.gpg.lock'
    gpg: cannot read lockfile
    gpg: can't lock `/home/michael/.gnupg/secring.gpg'
    gpg: error writing keyring `/home/michael/.gnupg/pubring.gpg': general error
    gpg: key B5CECC76: public key "[User ID not found]" imported
    gpg: error reading `/tmp/0xB5CECC76.asc': general error
    gpg: import from `/tmp/0xB5CECC76.asc' failed: general error
    gpg: Total number processed: 0
    gpg:               imported: 1  (RSA: 1)
MERose

1 Answer

0

Maybe sharing the entire config file / directory is causing problems; another method may work better.

  • Maybe a "shared keyring scheme" would be better, see man gpg for some of these possibly useful options:

    --keyring file
          Add  file to the current list of keyrings. If file begins with
          a tilde and a slash, these are replaced by  the  $HOME  direc‐
          tory.  If the filename does not contain a slash, it is assumed
          to be in the GnuPG home directory ("~/.gnupg" if --homedir  or
          $GNUPGHOME is not used).
    
          Note  that  this  adds  a  keyring to the current list. If the
          intent is to use the specified keyring  alone,  use  --keyring
          along with --no-default-keyring.
    
    --secret-keyring file
          Same as --keyring but for the secret keyrings.
    
    --primary-keyring file
          Designate  file as the primary public keyring. This means that
          newly imported keys (via --import  or  keyserver  --recv-from)
          will go to this keyring.
    
    --no-default-keyring
          Do  not add the default keyrings to the list of keyrings. Note
          that GnuPG will not operate without any keyrings,  so  if  you
          use  this  option  and  do  not provide alternate keyrings via
          --keyring or --secret-keyring, then GnuPG will still  use  the
          default public or secret keyrings.
    
  • A possible option using different subkeys

Xen2050
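The shared-keyring idea from the answer above, sketched as an added example (not part of the original post and not GnuPG's own tooling): keep the home directory and gpg.conf on the Linux filesystem with tight permissions, and reference only the keyring files on the shared partition. The function names and every path are assumptions; the option names are the ones quoted from man gpg, and the file names pubring.gpg and secring.gpg are those in the log above.

```shell
#!/bin/sh
# Added example. Function names and all paths are assumptions for illustration.

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# setup_local_gnupg_home LOCAL_HOME SHARED_DIR
# Creates LOCAL_HOME (0700) with a gpg.conf (0600) that lists only the
# keyrings in SHARED_DIR, then prints LOCAL_HOME for use as $GNUPGHOME.
setup_local_gnupg_home() {
    local_home=$1
    shared=$2
    if [ -z "$local_home" ] || [ -z "$shared" ]; then
        echo "usage: setup_local_gnupg_home LOCAL_HOME SHARED_DIR" >&2
        return 2
    fi
    # A symlinked home (as in the question) puts gpg.conf on the shared side.
    if [ -L "$local_home" ]; then
        echo "refusing: $local_home is a symlink" >&2
        return 1
    fi
    # Never clobber an existing configuration.
    if [ -e "$local_home/gpg.conf" ]; then
        echo "refusing: $local_home/gpg.conf already exists" >&2
        return 1
    fi
    (
        umask 077
        mkdir -p "$local_home" && chmod 700 "$local_home" || exit 1
        # gpg.conf takes the long option names without the leading dashes.
        printf '%s\n' \
            '# Use only the keyrings listed below.' \
            'no-default-keyring' \
            "keyring $shared/pubring.gpg" \
            "secret-keyring $shared/secring.gpg" \
            > "$local_home/gpg.conf" || exit 1
        chmod 600 "$local_home/gpg.conf"
    ) || return 1
    # On a filesystem that ignores chmod (such as the mount in the question)
    # the modes stay wide open; detect that instead of assuming success.
    if [ "$(mode_of "$local_home")" != 700 ] ||
       [ "$(mode_of "$local_home/gpg.conf")" != 600 ]; then
        echo "error: $local_home does not keep Unix permissions" >&2
        return 1
    fi
    printf '%s\n' "$local_home"
}
```

Export the printed path as GNUPGHOME (or pass it with --homedir) before running gpg. The lock files in the log above sit beside the keyrings, so this only addresses the two permission warnings, not the lockfile errors.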