ACL on the keystore

Hello , im trying to use GPG4Win with a very specific setup.
I have installer the soft in the following directory : “d:\ProgramFiles\GPG4Win” and "d:\ProgramFiles\GNUPG
I plan to use a service account and scripts to do both encryption and decryption.
I have created my keypair and placed it in the key store.

My problem is as follow, i cant allow the service account i want to use, to have the modify permission on any folder, only Read and Execute.
Each time I try to encrypt or decrypt i get error if my service account doesnt have write permission on the folder of the keystore. So my question is as follow , is it possible to use GPG4WIn with a service account and script without have modify permission on the keystore folder?
Ex of command i use : gpg --encrypt --recipient 0x12345678 --output D:\temp\test\doc.gpg d:\temp\test\doc.txt

What is the exact error? Can you please paste that?

I just tried this on linux and the result should be comparable and it works just fine.

echo foo | gpg --trust-model=always --yes -ear 12B1D519F1025EE46CF14C0510DBDFFD13D47BF5 -r 1FDF723CF462B6B1 || echo false

gpg: can't create `/tmp/tmp.h8DXYpdCMy/random_seed': Permission denied

And the last permission denied can be ignored. It works for me both with keyboxd and without keyboxd.

Without keyboxd I additionally get the message:
gpg: failed to create temporary file ‘/tmp/tmp.h8DXYpdCMy/.#lk0x00000000008d2c00.teutates.19936’: Permission denied
gpg: can’t allocate lock for ‘/tmp/tmp.h8DXYpdCMy/pubring.kbx’

But the encryption still works and that message can be bypassed with adding --lock-never to your command.

Thanks for the reply , with --lock-never we were able to solve our issue!

1 Like