Bug 146966 - Keyring loses integrity over time
Summary: Keyring loses integrity over time
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: gnupg   
(Show other bugs)
Version: 3.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Mike McLean
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2005-02-03 01:56 UTC by Matthew Garrett
Modified: 2007-11-30 22:07 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-02-07 12:46:13 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Matthew Garrett 2005-02-03 01:56:29 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20050105 Epiphany/1.4.7

Description of problem:
RH keyring provided in small cardboard box labelled "Reflects Cable
Keyring, matt, art 10001" consists of a single cable looped around
with both ends passing through a small silver metal fob with the Red
Hat logo. The cable ends are secured with small screw caps - removing
the screw caps allows the cable to pass through the fob, which in turn
allows keys to be added or removed.

Due to a lack of friction between the screw caps, the cable and the
fob, over time the screw caps become loose. If the keyring is then
removed from the user's pocket, the screw cap will detach and the
keyring will suffer a violent loss of integrity. The user's private
keys may then be strewn around the surrounding area. This public
availability of private keys has obvious security implications.

Suggested fix:

Increased integrity of screw caps

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Place keys on keyring
2. Place keyring in pocket


Actual Results:  Keys located on ground. In dark conditions, recovery
of keys may be difficult.

Expected Results:  Keyring integrity maintained, keys kept in usable state

Additional info:

Tested with two different keyrings. Equally reproducible. No reason to
suspect user error.

Comment 1 Josh Bressers 2005-02-07 12:46:13 UTC
This problem has nothing to do with gnupg.

Note You need to log in before you can comment on or make changes to this bug.