[nycphp-talk] cookbook: gpg

David Sklar sklar at sklar.com
Tue Aug 12 17:59:51 EDT 2003


> I'd love to see a snippet showing how user nobody encrypts data
> without signing or requiring any secret key. That seems to be where
> I'm stuck. GPG needs access to the public keyring containing the
> recipient's public key, right? If that's under my home directory then
> I have to open up the permissions on it so 'nobody' can get in there,
> no?

To sign without encrypting, pass -e without -s to gpg: "gpg -er foo at bar.com"
encrypts for foo at bar.com (and requires only foo at bar.com's public key);
"gpg -ser foo at bar.com" encrypts for foo at bar.com and also signs with the
default local user (and requires that user's private key).

GPG does need access to the public keyring with the recipient's public key.
Since it's a public keyring, it doesn't really matter if the world can see
it. Put the keys in a separate keyring, make that file world-readable
(perhaps putting it outside your home directory), and tell gpg about it
with --keyring.

David
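
The separate world-readable keyring described in the reply above, sketched as an added example that is not part of the original post: an unprivileged account encrypts without signing and first refuses a keyring that other local users could modify. The keyring path, the recipient address and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The keyring path, the recipient
# address and the function names are assumptions.
#
# One-time setup, run by the key's owner (not by 'nobody'):
#   mkdir -p /usr/local/share/gpg-pub && chmod 755 /usr/local/share/gpg-pub
#   gpg --no-default-keyring --keyring /usr/local/share/gpg-pub/recipients.gpg \
#       --import recipient-public-key.asc
#   chmod 644 /usr/local/share/gpg-pub/recipients.gpg

KEYRING="${KEYRING:-/usr/local/share/gpg-pub/recipients.gpg}"

# Succeeds only if the keyring is world-readable and neither the file nor its
# directory is group- or world-writable. Anyone who can write there can swap
# in their own key under the recipient's address.
keyring_perms_ok() {
    f="$1"
    [ -f "$f" ] || return 1
    d=$(dirname "$f")
    [ -n "$(find "$f" -prune -perm -004 ! -perm -020 ! -perm -002)" ] || return 1
    [ -n "$(find "$d" -prune ! -perm -020 ! -perm -002)" ] || return 1
}

# Encrypt stdin for one recipient, without signing, using only the shared keyring.
encrypt_for() {
    recipient="$1"; keyring="${2:-$KEYRING}"
    keyring_perms_ok "$keyring" || {
        echo "refusing to use $keyring: unsafe permissions" >&2
        return 2
    }
    # Scratch homedir: gpg never touches anyone's ~/.gnupg or secret keys.
    home=$(mktemp -d) || return 1
    # --trust-model always: trust rests on who controls the keyring file,
    # which is why the permission check above comes first.
    gpg --batch --no-tty --no-options --homedir "$home" \
        --no-default-keyring --keyring "$keyring" \
        --trust-model always --armor --encrypt --recipient "$recipient"
    rc=$?
    rm -rf "$home"
    return "$rc"
}

# Usage: sh encrypt.sh recipient@example.org < message.txt > message.asc
if [ "$#" -ge 1 ]; then
    encrypt_for "$1"
fi
```

World-readable is fine for a public keyring; world-writable is not, because whoever can write the file decides which key the data is encrypted to.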



