Just a quick note to record the answer to a question that’s been bugging me for quite a while:
% gpg --list-keys 64EBE220 gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information pub 1024D/64EBE220 2006-11-11 [expires: 2009-11-10] uid Dag-Erling Smørgrav
uid Dag-Erling Smørgrav uid [jpeg image of size 3315]
The textbook solution is to chmod u+s =gpg, but this doesn’t always work on FreeBSD (especially on amd64). The reason is that the default limit on wired pages (which includes the unified buffer cache) is too low. It is initialized at boot time to approximately one-third of system memory. Increasing it to, say, half your system memory should fix the GnuPG issue:
% sudo sysctl vm.max_wired=524288 vm.max_wired: 333091 -> 524288
Remember that vm.max_wired is in pages, not in bytes. On i386 and amd64, a page is 4096 bytes, so the above allows for up to 2 GB of wired memory.
2 thoughts on “GPG insecure memory”
This will also fix the «locking SHMFILE in core failed: Resource temporarily unavailable» warning that Varnish emits during startup.