[pkg-cryptsetup-devel] Bug#903163: gpg-encrypted-root -- Encrypt root volumes with an OpenPGP smartcard

Peter Lebbing peter at digitalbrains.com
Tue Sep 25 15:16:31 BST 2018


On 25/09/2018 02:10, Guilhem Moulin wrote:
> Then shouldn't the following be enough, and
> save a temporary file?
> 
>     `| gpg --no-default-keyring --keyring … --trust-model=always --import`

I thought so but was wrong.

Without relocating trustdb.gpg to somewhere else, it will lose all
information in there. The only key in the keyring is the imported key,
and all other trust info is purged, even though there is trust-model
always. This is the user's real homedir... and what I meant when I said
I lost my actual trustdb.

That was the purpose of TMPTRUST.

But since the --import should be fast enough to an empty keyring, it is
much more solid to just --import inside the initramfs.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
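The failure described in the message above is a test `--import` rewriting `trustdb.gpg` in the user's real homedir. The following guard for that case is an added example, not code from the thread or from the cryptsetup package; the function name `guard_trustdb` and the placeholders `KEYRING` and `key.asc` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: protect a real GnuPG homedir while testing gpg commands.
# Assumes the trust database is at HOMEDIR/trustdb.gpg (GnuPG's default name).

# guard_trustdb HOMEDIR CMD [ARGS...]
# Snapshot HOMEDIR/trustdb.gpg, run CMD, and put the snapshot back if the
# file was changed, deleted or newly created.
# Returns CMD's exit status, or 3 if the trustdb had to be restored.
guard_trustdb() {
    gt_db="$1/trustdb.gpg"; shift
    gt_bak=$(mktemp) || return 1
    gt_had=0
    if [ -f "$gt_db" ]; then
        gt_had=1
        cp -p "$gt_db" "$gt_bak" || { rm -f "$gt_bak"; return 1; }
    fi

    "$@"
    gt_rc=$?

    gt_changed=0
    if [ "$gt_had" -eq 1 ]; then
        # cmp also fails when the file no longer exists
        cmp -s "$gt_bak" "$gt_db" || gt_changed=1
    elif [ -e "$gt_db" ]; then
        gt_changed=1
    fi

    if [ "$gt_changed" -eq 1 ]; then
        if [ "$gt_had" -eq 1 ]; then
            cp -p "$gt_bak" "$gt_db"
        else
            rm -f "$gt_db"
        fi
        echo "guard_trustdb: $gt_db was modified; snapshot restored" >&2
        gt_rc=3
    fi
    rm -f "$gt_bak"
    return "$gt_rc"
}

# Usage (KEYRING and key.asc are placeholders, not paths from the thread):
#   guard_trustdb "$HOME/.gnupg" \
#       gpg --no-default-keyring --keyring "$KEYRING" \
#           --trust-model=always --import key.asc
```

A return status of 3 means the wrapped command touched the trustdb and the snapshot was put back, which is the signal to move the import somewhere that has no trust data to lose.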
