[nycphp-talk] cookbook: gpg

David Sklar sklar at
Tue Aug 12 17:59:51 EDT 2003

> I'd love to see a snippet showing how user nobody encrypts data
> without signing or requiring any secret key. That seems to be where
> I'm stuck. GPG needs access to the public keyring containing the
> recipient's public key, right? If that's under my home directory then
> I have to open up the permissions on it so 'nobody' can get in there,
> no?

To sign without encrypting, pass -e without -s to gpg: "gpg -er foo at"
encrypts for foo at (and requires only foo at's public key);
"gpg -ser foo at" encrypts for foo at and also signs with the
default local user (and requires that user's private key).

GPG does need access to the public keyring with the recipient's public key.
Since it's a public keyring, it doesn't really matter if the world can see
it. Put the keys in a separate keyring, make that file world-readable
(perhaps putting it outside your home directory), and tell gpg about it
with --keyring.
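
The setup described in the reply above, as an added example that is not part of the original message: a shell wrapper that encrypts with -e only against a shared public keyring, after checking that the keyring is world-readable but writable only by its owner (a keyring others can write to would let them substitute the recipient's key). The keyring path, the function names, the scratch --homedir and the use of --trust-model always are assumptions of this example.

```shell
#!/bin/sh
# Added example; path, names and option choices below are assumptions.
# Admin, once (as the keyring's owner):
#   gpg --no-default-keyring --keyring "$KEYRING" --import recipient.asc
#   chmod 644 "$KEYRING"
KEYRING=${KEYRING:-/usr/local/share/webapp/pubring.gpg}   # placeholder path

# has_perm PATH BITS: true if every octal permission bit in BITS is set.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# keyring_ok FILE: succeed only if FILE is readable by everyone, writable
# by its owner alone, and does not live in a world-writable directory.
keyring_ok() {
    kr=$1
    [ -f "$kr" ] || { echo "missing keyring: $kr" >&2; return 1; }
    has_perm "$kr" 0004 || { echo "not world-readable: $kr" >&2; return 1; }
    if has_perm "$kr" 0020 || has_perm "$kr" 0002; then
        echo "group- or world-writable: $kr" >&2; return 1
    fi
    if has_perm "$(dirname "$kr")" 0002; then
        echo "keyring directory is world-writable" >&2; return 1
    fi
}

# encrypt_for RECIPIENT INFILE OUTFILE: encrypt only (-e, no -s), so no
# secret key is read. A scratch --homedir is used because the calling
# account (for example nobody) may have no writable home directory.
# --trust-model always assumes every key in KEYRING was verified by the
# admin at import time.
encrypt_for() {
    keyring_ok "$KEYRING" || return 1
    scratch=$(mktemp -d) || return 1
    gpg --batch --homedir "$scratch" --no-default-keyring \
        --keyring "$KEYRING" --trust-model always \
        -o "$3" -er "$1" "$2"
    rc=$?
    rm -rf "$scratch"
    return $rc
}
```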

