Re: Help! I messed up guix-past

From: Ludovic Courtès
Subject: Re: Help! I messed up guix-past
Date: Mon, 12 Sep 2022 17:26:14 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux)


Konrad Hinsen <> skribis:

> In my case, $PATH has my Guix profile first, and I always run the gpg
> from my Guix profile. But it picks up the gpg-agent from Ubuntu, which
> lives at /usr/bin/gpg-agent.
> It may well be possible to fix this issue (for example, patch gnupg such
> that it launches the agent via the full path to the store), but for me
> there is also a loss-of-confidence issue. If a messed-up software
> installation grants password-less access to my keys, then my keys
> effectively have no password protection any more. Attackers only need to
> install two different gpg versions to have access to my keys. That's why
> I want to get rid of gpg, rather than fix it superficially.

Maybe there’s a misunderstanding because AFAIK, what you describe is not
possible.  Passphrase-protected keys are effectively encrypted, using
symmetric encryption:

You can see them in ~/.gnupg/private-keys-v1.d/.

Such keys cannot be accessed without knowing the passphrase, no matter
what software you use.
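
As an added illustration (not part of the original message or of GnuPG's
own code) of what "effectively encrypted" means on disk: the files in
~/.gnupg/private-keys-v1.d/ are canonical S-expressions, and a
passphrase-protected key is written as (protected-private-key ...) with
the secret parameters replaced by a (protected <mode> (<s2k-params>)
<ciphertext>) element, whereas an unprotected key is written as
(private-key ...) with d, p, q, u in the clear.  The parser, the
inspect_key helper and the two sample blobs below are assumptions of this
example, and the sample key material is constructed and meaningless; only
the layout follows GnuPG's documented key format.

```python
"""Check whether GnuPG private-key blobs (private-keys-v1.d format) are
passphrase-protected.  Added example, not GnuPG code.

  (private-key (rsa (n ..)(e ..)(d ..)(p ..)(q ..)(u ..)))   -> secrets in the clear
  (protected-private-key (rsa (n ..)(e ..)
      (protected <mode> (<s2k-params>) <ciphertext>)
      (protected-at <timestamp>)))                            -> secrets encrypted
For the openpgp-s2k3-* modes the params are ((sha1 salt iterations) iv).
"""
import sys
from typing import Any

# Secret parameter names per public-key algorithm, as GnuPG names them.
SECRET_PARAMS = {b"rsa": (b"d", b"p", b"q", b"u"), b"dsa": (b"x",),
                 b"elg": (b"x",), b"ecc": (b"d",)}


def parse_csexp(data: bytes) -> Any:
    """Parse a canonical S-expression: '(' items ')' and 'LEN:bytes' atoms."""
    pos = 0

    def parse():
        nonlocal pos
        if data[pos:pos + 1] == b"(":
            pos += 1
            items = []
            while data[pos:pos + 1] != b")":
                if pos >= len(data):
                    raise ValueError("unterminated list")
                items.append(parse())
            pos += 1
            return items
        colon = data.index(b":", pos)
        length = int(data[pos:colon])          # ValueError on a non-numeric prefix
        pos = colon + 1
        atom = data[pos:pos + length]
        if len(atom) != length:
            raise ValueError("truncated atom")
        pos += length
        return atom

    obj = parse()
    if pos != len(data):
        raise ValueError("trailing data after S-expression")
    return obj


def canon(obj: Any) -> bytes:
    """Encode nested lists of bytes as a canonical S-expression."""
    if isinstance(obj, (bytes, bytearray)):
        return b"%d:%s" % (len(obj), bytes(obj))
    return b"(" + b"".join(canon(x) for x in obj) + b")"


def inspect_key(blob: bytes) -> dict:
    """Report tag, algorithm, protection mode and any secret params in the clear."""
    sexp = parse_csexp(blob)
    tag = sexp[0]
    if tag not in (b"private-key", b"protected-private-key", b"shadowed-private-key"):
        raise ValueError(f"not a private key S-expression: {tag!r}")
    algo_block = sexp[1]
    algo = algo_block[0]
    # (name value ...) children of the algorithm block, keyed by name.
    fields = {item[0]: item[1:] for item in algo_block[1:] if isinstance(item, list)}
    report = {
        "tag": tag.decode(), "algo": algo.decode(),
        "protected": tag == b"protected-private-key", "mode": None,
        # secret parameters that sit unencrypted in the file
        "cleartext_secret_params": sorted(
            n.decode() for n in SECRET_PARAMS.get(algo, ()) if n in fields),
    }
    if report["protected"]:
        mode, params, ciphertext = fields[b"protected"]
        report["mode"] = mode.decode()
        report["ciphertext_len"] = len(ciphertext)
        if mode.startswith(b"openpgp-s2k3-"):
            s2k = params[0]                     # (sha1 salt iterations)
            report["s2k_hash"] = s2k[0].decode()
            report["s2k_iterations"] = int(s2k[2])
    return report


def sample_unprotected() -> bytes:
    """CONSTRUCTED sample: meaningless 4-byte parameters, only the layout is real."""
    return canon([b"private-key",
                  [b"rsa", [b"n", b"\x00\xc3\x9a\x11"], [b"e", b"\x01\x00\x01"],
                   [b"d", b"\x5a" * 4], [b"p", b"\xb1" * 4],
                   [b"q", b"\xc7" * 4], [b"u", b"\x3d" * 4]],
                  [b"comment", b"constructed sample, not a real key"]])


def sample_protected() -> bytes:
    """CONSTRUCTED sample: the same key shape after passphrase protection."""
    return canon([b"protected-private-key",
                  [b"rsa", [b"n", b"\x00\xc3\x9a\x11"], [b"e", b"\x01\x00\x01"],
                   [b"protected", b"openpgp-s2k3-sha1-aes-cbc",
                    [[b"sha1", b"\x01" * 8, b"22020096"], b"\x02" * 16],
                    b"\x00" * 48],
                   [b"protected-at", b"20220912T152614"]]])


def main(argv):
    blobs = {"constructed unprotected": sample_unprotected(),
             "constructed protected": sample_protected()}
    for path in argv[1:]:                       # e.g. ~/.gnupg/private-keys-v1.d/*.key
        with open(path, "rb") as f:
            blobs[path] = f.read()
    for name, blob in blobs.items():
        print(name, inspect_key(blob))


if __name__ == "__main__":
    main(sys.argv)
```

Running it on the constructed samples shows the unprotected key with d, p,
q and u readable in the file and the protected one with no secret
parameter outside the ciphertext, which is the point of the reply: a
second gpg binary or a foreign gpg-agent can only hand over what the
agent can decrypt, and decrypting needs the passphrase.  Two caveats when
pointing it at real files: it reads only the canonical binary form, so a
file written in GnuPG's newer extended text format (a "Key:" line holding
the S-expression in advanced notation) must be inspected by hand, and a
(shadowed-private-key ...) file means the key lives on a smartcard rather
than in the file.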


