Red Hat Bugzilla – Bug 146966
Keyring loses integrity over time
Last modified: 2007-11-30 17:07:06 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Description of problem:
RH keyring provided in small cardboard box labelled "Reflects Cable
Keyring, matt, art 10001" consists of a single cable looped around
with both ends passing through a small silver metal fob with the Red
Hat logo. The cable ends are secured with small screw caps - removing
the screw caps allows the cable to pass through the fob, which in turn
allows keys to be added or removed.
Due to a lack of friction between the screw caps, the cable and the
fob, over time the screw caps become loose. If the keyring is then
removed from the user's pocket, the screw cap will detach and the
keyring will suffer a violent loss of integrity. The user's private
keys may then be strewn around the surrounding area. This public
availability of private keys has obvious security implications.
Increased integrity of screw caps
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Place keys on keyring
2. Place keyring in pocket
Actual Results: Keys located on ground. In dark conditions, recovery
of keys may be difficult.
Expected Results: Keyring integrity maintained, keys kept in usable state
Tested with two different keyrings. Equally reproducible. No reason to
suspect user error.
This problem has nothing to do with gnupg.