hey guys

i need to restrict access to the GNUPG program because of the possibility that sensitive data like encryption keys and passwords that it is using may be written into the virtual memory swap partition on the hard disk and thus be retrieved at a later date long after the program has erased these important values from memory and finished executing.

im a newbie to unix so the question might sound stupid. would be it be possible to somehow give access to a number of people without actually having the remove it from the system or remove the setuid permission?? feedback would be appreciated

mile1982

I remember I have seen this topic, also a journaling file system can be a security risk. There exists a solution about writing random garbadge into the swap file or swap partition. But Even if you destroy the entire hard disk, sensitive data can be recovered from RAM. I think Bruce schneier wrote about using dd to delete a swap partition. I have forgotten all details but It could be that truecrypt can help you.

Anyone with access physical to your machine IS a security risk.

Please use chmod chgroup and chown to hide your files. Or simply delete them and use a USB Memory stick.

This is an old thread, but now recent versions of gpg will complain loudly if they are run without being suid to root. The root priviledge is to address this issue by locking data into memory so no swapping is possible.