
Re: GPG memory is not secure.



Hi,

> On Tue, 19 Aug 2014 21:49, pentakonix@openmailbox.org said:
>> I know the product is not supported under Debian / kFreeBSD but I would
>> try:

That will be interesting;  it is surprising that some applications work
on GNU/kFreeBSD although the developer didn't try it.

>> gpg: WARNING: using insecure memory!
>> gpg: please see http://www.gnupg.org/faq.html for more information

This is normal with kFreeBSD 8 or 9 (in squeeze/wheezy).  Just be
careful that if you have any swap devices configured, sensitive data
could be written to them.

>> gpg: no valid OpenPGP data found. 

That is probably an error being experienced by the installer.

On 19/08/14 22:41, Werner Koch wrote:
> The reason for that warning is that the mlock() call failed to mark a
> couple of memory pages as non-swappable.
> 
> [...]  I am
> not sure about the current status on BSD kernels and frankly I tend to
> ignore the warning or use no-secmem-warning in my gpg.conf.  Encrypted
> swap is anyway a better protection.

kFreeBSD 10 (in jessie/sid) or later allows unprivileged users to
mlock() a small amount of memory, and IIRC that warning has gone away.

If encrypted disks or swap are desired, Debian GNU/kFreeBSD wheezy
supports geli(8) (in Debian package "geom"), but it must be configured
manually (it isn't supported yet in the installer).

Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org
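
The mlock() behaviour discussed in this thread, as an added example (not part of the original messages and not GnuPG's code): it tries to pin a secret buffer in RAM and falls back to a warning when the kernel refuses, as happens for unprivileged users on kFreeBSD 8 or 9. The names `secbuf`, `secbuf_alloc` and `secbuf_free` are hypothetical, and the warning text only imitates the gpg output quoted above.

```c
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANONYMOUS under glibc */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* Hypothetical helper type: page-aligned secret buffer and its lock state. */
struct secbuf { void *p; size_t len; int locked; int err; };

/* Map whole pages and try to pin them in RAM. Returns -1 only if the
 * mapping fails; a refused mlock() leaves a usable but swappable buffer. */
int secbuf_alloc(struct secbuf *b, size_t want)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    b->len = (want + page - 1) / page * page;
    b->p = mmap(NULL, b->len, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (b->p == MAP_FAILED) { b->p = NULL; return -1; }
    b->locked = (mlock(b->p, b->len) == 0);
    b->err = b->locked ? 0 : errno;   /* typically EPERM, ENOMEM or EAGAIN */
    return 0;
}

/* Wipe before unmapping so the secret does not linger in freed pages. */
void secbuf_free(struct secbuf *b)
{
    volatile unsigned char *v = b->p;
    if (!v) return;
    for (size_t i = 0; i < b->len; i++) v[i] = 0;
    if (b->locked) munlock(b->p, b->len);
    munmap(b->p, b->len);
    b->p = NULL;
}

int main(void)
{
    struct rlimit rl;
    struct secbuf b;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) == 0)   /* how much may be locked */
        printf("RLIMIT_MEMLOCK soft limit: %llu bytes\n", (unsigned long long)rl.rlim_cur);
    if (secbuf_alloc(&b, 4096) != 0) { perror("mmap"); return 1; }
    if (!b.locked)   /* the condition behind gpg's warning in this thread */
        fprintf(stderr, "WARNING: using insecure memory (mlock: %s)\n", strerror(b.err));
    secbuf_free(&b);
    return 0;
}
```

When the lock is refused, the buffer still works but its pages can reach swap, which is why the thread points to encrypted swap as the stronger protection.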

