gpg: signing failed, permission denied

Holger Wansing

Aug 9, 2018, 3:30:02 PM

Hi,

I am unable to clearsign a file with gpg, always getting
permission denied errors.
However it does not tell me which is the file where permissions
are missing.
I checked all files I am aware of:
- the file to sign,
- all files in .gnupg and the .gnupg dir itself,

They are all fine.

How can I find out, which file is the problem?

Or maybe it is not a file, which makes the error, but a missing
permission for a process or .... ?


Holger


--
Sent from my Jolla phone
http://www.jolla.com/

W. Martin Borgert

Aug 9, 2018, 4:00:02 PM

On 2018-08-09 19:27, Holger Wansing wrote:
> I am unable to clearsign a file with gpg, always getting
> permission denied errors.

Maybe https://bugs.debian.org/836772 or similar?

Holger Wansing

Aug 9, 2018, 6:00:02 PM

Hi,
Yes! That was exactly the problem: using gpg inside of su -.

Thanks for preventing me from going crazy


Holger


--
Holger Wansing <hwan...@mailbox.org>
PGP-Fingerprint: 496A C6E8 1442 4B34 8508 3529 59F1 87CA 156E B076

Simon McVittie

Aug 10, 2018, 3:50:02 AM

On Thu, 09 Aug 2018 at 23:58:22 +0200, Holger Wansing wrote:
> Yes! That was exactly the problem: using gpg inside of su -.

Note that if you are trying to protect your key material from a
possibly-compromised main user account, switching from the main account
to the keyring account with su is not particularly effective: if the main
account can su to the keyring account, then it can run arbitrary code as
the keyring account. (The need to type a password into su mitigates this,
but anything in your X session could act as a keylogger to capture your
password for future use, so that's a weak protection at best.)

For real privilege-separation I would recommend making use of "fast
user switching" between different VTs, for example GNOME's "Switch User"
menu option for a graphical login, or Ctrl+Alt+F6 and starting a separate
text-mode login session.

Alternatively, you could move your key material onto a cryptographic token
(smart card) like a Nitrokey, Yubikey, Gnuk or similar.

smcv

Marc Haber

Aug 10, 2018, 5:20:02 AM

On Thu, 9 Aug 2018 19:27:40 +0000, Holger Wansing
<hwan...@mailbox.org> wrote:
>I am unable to clearsign a file with gpg, always getting
>permission denied errors.
>However it does not tell me which is the file where permissions
>are missing.
>I checked all files I am aware of:
>- the file to sign,
>- all files in .gnupg and the .gnupg dir itself,
>
>They are all fine.
>
>How can I find out, which file is the problem?

The generic way would be stracing the process. And of course filing
bugs about the error message being unhelpful as it should say which
file it tried to open.

Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mail address in header
Mannheim, Germany | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
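
The strace approach suggested in the last reply, as an added example that is not from any poster in the thread: a helper that lists which paths returned EACCES in a saved strace log. The function names, PIDs and paths in the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Capture a trace first, e.g.:
#   strace -f -e trace=file -o gpg.trace gpg --clearsign FILE
# gpg hands secret-key operations to gpg-agent; an agent that was already
# running is not a child of the traced gpg, so trace it separately with
#   strace -f -e trace=file -o agent.trace -p AGENT_PID

# Print "syscall path" once for each distinct call in the strace log $1
# that failed with EACCES (Permission denied).
eacces_paths() {
    awk '
        / = -1 EACCES / {
            line = $0
            sub(/^[0-9]+ +/, "", line)           # PID column written by -f -o
            call = line
            sub(/\(.*/, "", call)                # keep only the syscall name
            if (match(line, /"[^"]*"/)) {        # first quoted argument is the path
                path = substr(line, RSTART + 1, RLENGTH - 2)
                key = call " " path
                if (!(key in seen)) { seen[key] = 1; print key }
            }
        }
    ' "$1"
}

# Constructed sample log (hypothetical PIDs and paths) for trying the helper.
sample_trace() {
    cat <<'EOF'
4211  openat(AT_FDCWD, "/home/keyring/.gnupg/pubring.kbx", O_RDONLY) = 5
4213  openat(AT_FDCWD, "/dev/pts/3", O_RDWR) = -1 EACCES (Permission denied)
4213  openat(AT_FDCWD, "/dev/pts/3", O_RDWR) = -1 EACCES (Permission denied)
4211  access("/home/keyring/.gnupg/missing", F_OK) = -1 ENOENT (No such file or directory)
EOF
}

# Stand-alone use: pass the path of a real strace log as the first argument.
if [ "$#" -gt 0 ]; then
    eacces_paths "$1"
fi
```

Running `ls -l` on each reported path as the user that invokes gpg shows the owner and mode that caused the denial.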