gpg: signing failed, permission denied

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

gpg: signing failed, permission denied

Holger Wansing-4
Hi,

I am unable to clearsign a file with gpg, always getting
permission denied errors.
However it does not tell me which is the file where permissions
are missing.
I checked all files I am aware of:
- the file to sign,
- all files in .gnupg and the .gnupg dir itself,

They are all fine.

How can I find out, which file is the problem?
 
Or maybe it is not a file, which makes the error, but a missing
permission for a process or .... ?


Holger


--
Sent from my Jolla phone
http://www.jolla.com/
Reply | Threaded
Open this post in threaded view
|

Re: gpg: signing failed, permission denied

W. Martin Borgert
On 2018-08-09 19:27, Holger Wansing wrote:
> I am unable to clearsign a file with gpg, always getting
> permission denied errors.

Maybe https://bugs.debian.org/836772 or similar?

Reply | Threaded
Open this post in threaded view
|

Re: gpg: signing failed, permission denied

Holger Wansing-4
Hi,

"W. Martin Borgert" <[hidden email]> wrote:
> On 2018-08-09 19:27, Holger Wansing wrote:
> > I am unable to clearsign a file with gpg, always getting
> > permission denied errors.
>
> Maybe https://bugs.debian.org/836772 or similar?

Yes! That's was exactly the problem: using gpg inside of su -.

Thanks for preventing me from going crazy


Holger


--
Holger Wansing <[hidden email]>
PGP-Finterprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076

Reply | Threaded
Open this post in threaded view
|

Re: gpg: signing failed, permission denied

Simon McVittie-7
On Thu, 09 Aug 2018 at 23:58:22 +0200, Holger Wansing wrote:
> Yes! That's was exactly the problem: using gpg inside of su -.

Note that if you are trying to protect your key material from a
possibly-compromised main user account, switching from the main account
to the keyring account with su is not particularly effective: if the main
account can su to the keyring account, then it can run arbitrary code as
the keyring account. (The need to type a password into su mitigates this,
but anything in your X session could act as a keylogger to capture your
password for future use, so that's a weak protection at best.)

For real privilege-separation I would recommend making use of "fast
user switching" between different VTs, for example GNOME's "Switch User"
menu option for a graphical login, or Ctrl+Alt+F6 and starting a separate
text-mode login session.

Alternatively, you could move your key material onto a cryptographic token
(smart card) like a Nitrokey, Yubikey, Gnuk or similar.

    smcv

Reply | Threaded
Open this post in threaded view
|

Re: gpg: signing failed, permission denied

Marc Haber-3
In reply to this post by Holger Wansing-4
On Thu, 9 Aug 2018 19:27:40 +0000, Holger Wansing
<[hidden email]> wrote:

>I am unable to clearsign a file with gpg, always getting
>permission denied errors.
>However it does not tell me which is the file where permissions
>are missing.
>I checked all files I am aware of:
>- the file to sign,
>- all files in .gnupg and the .gnupg dir itself,
>
>They are all fine.
>
>How can I find out, which file is the problem?

The generic way would be stracing the process. And of course filing
bugs about the error message being unhelpful as it should say which
file it tried to open.

Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mailadresse im Header
Mannheim, Germany  |     Beginning of Wisdom "     |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834