Another bulletin funded by the I Just Blew An Entire Morning On This Foundation: Suppose you want to encrypt and sign files using gpg, but without giving it ownership or write access to its own keystore. For instance, this might be necessary if the gpg process is going to be run from a low-privilege CGI user and you don’t have root privileges on the webserver. This is relatively straightforward with the classic version 1, although there’s an error message that’s harmless but impossible ...
