GPG insecure memory

Just a quick note to record the answer to a question that’s been bugging me for quite a while:

% gpg --list-keys 64EBE220  
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
pub   1024D/64EBE220 2006-11-11 [expires: 2009-11-10]
uid                  Dag-Erling Smørgrav 
uid                  Dag-Erling Smørgrav 
uid                  [jpeg image of size 3315]

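The warning means that gpg was unable to lock the memory it uses for secret key material, so those pages could end up being written to swap. The textbook solution is to make the gpg binary setuid (chmod u+s =gpg; in zsh, =gpg expands to the full path of gpg) so that it can lock its memory, but this doesn’t always work on FreeBSD (especially on amd64). The reason is that the default limit on wired pages (which includes the unified buffer cache) is too low. It is initialized at boot time to approximately one-third of system memory. Increasing it to, say, half your system memory should fix the GnuPG issue: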

% sudo sysctl vm.max_wired=524288
vm.max_wired: 333091 -> 524288

Remember that vm.max_wired is in pages, not in bytes. On i386 and amd64, a page is 4096 bytes, so the above allows for up to 2 GB of wired memory.
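
The page arithmetic above, as an added example that is not part of the original post: a small sh script that works out "half of system memory" in pages and compares it with the current vm.max_wired. The function names are hypothetical, the sample figures in the comments are constructed to match the numbers shown above, and the /etc/sysctl.conf line is an addition for keeping the setting across reboots.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# vm.max_wired is counted in pages, so every size is converted through hw.pagesize.

# Number of pages covering num/den of physical memory.
# args: physmem_bytes page_size num den
fraction_pages() {
    echo $(( $1 / $2 * $3 / $4 ))
}

# Convert a page count to MiB for human-readable output.
# args: pages page_size
pages_to_mib() {
    echo $(( $1 * $2 / 1048576 ))
}

# Compare the current limit with a target of half of physical memory.
# Returns 0 if the limit is already at or above the target, 1 otherwise.
# args: current_pages physmem_bytes page_size
advise() {
    target=$(fraction_pages "$2" "$3" 1 2)
    echo "vm.max_wired: $1 pages ($(pages_to_mib "$1" "$3") MiB)"
    if [ "$1" -ge "$target" ]; then
        echo "limit already covers half of physical memory"
        return 0
    fi
    echo "target:       $target pages ($(pages_to_mib "$target" "$3") MiB)"
    echo "raise now:    sysctl vm.max_wired=$target"
    echo "keep across reboots, in /etc/sysctl.conf: vm.max_wired=$target"
    return 1
}

# Only query the live system on FreeBSD, and only if the sysctl exists there.
# Constructed sample: 4 GiB of RAM with 4096-byte pages gives a target of
# 524288 pages, the value set in the post above.
if [ "$(uname -s)" = FreeBSD ]; then
    if cur=$(sysctl -n vm.max_wired 2>/dev/null); then
        advise "$cur" "$(sysctl -n hw.physmem)" "$(sysctl -n hw.pagesize)" || true
    fi
fi
```

The script only prints the commands; changing the limit still requires running sysctl as root.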
