gpg warning message

Volker Quetschke quetschke@scytek.de
Wed Dec 20 04:18:00 GMT 2006 

Hi bjf,

> I am having trouble when importing Keys with the GnuPG package distributed
> with cygwin.  I continue to get the same warning.  I have searched for this
> warning and have found a solution on uinx environments, however, it will not
> work with cygwin.  Is there any way around this solution.  The following is
> the warning and the fix:
> 
> $ gpg --import KEYS
> $ gpg: WARNING: using insecure memory!
> $ gpg: please see http://www.gnupg.org/faq.html for more information
> --imports all the the keys
> 
> so I go check out the link and this is the explanation:
> 
> Fix to:   Why do I get "gpg: Warning: using insecure memory!"
> 
> On many systems this program should be installed as setuid(root). This is
> necessary to lock memory pages. Locking memory pages prevents the operating
> system from writing them to disk and thereby keeping your secret keys really
> secret. If you get no warning message about insecure memory your operating
> system supports locking without being root. The program drops root
> privileges as soon as locked memory is allocated.
> 
> To setuid(root) permissions on the gpg binary you can either use:
> 
> $ chmod u+s /path/to/gpg
> 
> or
> 
> $ chmod 4755 /path/to/gpg 
> 
> I don't want to put everything done on this page, but there is a statement
> that says:
> "On some systems (e.g., Windows) GnuPG does not lock memory pages and older
> GnuPG versions (<=1.0.4) issue the warning:"
> 
> $ gpg: Please note that you don't have secure memory
> 
> But that is not the response I see.  Anyway, I have thoroughly searched for
> a fix and the solutions are all the same as the above.

It is a warning, it notifies you that you are using unsecure memory on
an inherently insecure operating system, commonly known as Windows.

> Any help would greatly appreciated.

Switch it off. Try `man gpg` and search for "insecure". You'll
find:

       --no-secmem-warning
                 Suppress the warning about "using insecure memory".

or put no-secmem-warning in your gpg.conf.

This is not really a cygwin problem. Using a better OS also fixes this
"problem".

  Volker

-- 
PGP/GPG key  (ID: 0x9F8A785D)  available  from  wwwkeys.de.pgp.net
key-fingerprint 550D F17E B082 A3E9 F913  9E53 3D35 C9BA 9F8A 785D

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 248 bytes
Desc: OpenPGP digital signature
URL: <http://cygwin.com/pipermail/cygwin/attachments/20061220/d7534017/attachment.sig>

More information about the Cygwin mailing list