When I try to encrypt a file with gpg (GnuPG), a warning is displayed.

$ gpg -R mykeyid -e -o test.txt.gpg test.txt
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/documentation/faqs.html for more information
$

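I had never seen this warning before. Is it because this time I'm on FreeBSD instead of the CentOS I usually use? I had no idea what it meant, so I looked it up right away.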

Why do I get "gpg: Warning: using insecure memory!"

You see this warning if GPG is not able to lock pages against being swapped out to disk.

However, on most modern systems you should not see this message anymore because these systems allow any process to prevent a small number of memory pages from being swapped out to disk (using the mlock system call). Other (mostly older) systems don't allow this unless you install GPG as setuid(root).

Locking pages against being swapped out is not necessary if your system uses an encrypted swap partition. In fact that is the best way to protect sensitive data from ending up on a disk. If your system allows for encrypted swap partitions, please make use of that feature. Note that GPG does not know about encrypted swap partitions and might print the warning; thus you should disable the warning if your swap partition is encrypted. You may also want to disable this warning if you can't or don't want to install GnuPG setuid(root). To disable the warning you put a line

no-secmem-warning
into your ~/.gnupg/gpg.conf file.


GPG can't lock memory pages against being swapped out to disk?
I don't really understand it, but apparently all I need to do is add a setting to ~/.gnupg/gpg.conf.

~/.gnupg/gpg.conf
----------------------
no-secmem-warning
----------------------

When I ran it again, the gpg: WARNING: using insecure memory! warning no longer appeared.


$ gpg -R mykeyid -e -o test.txt.gpg test.txt
$
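
The FAQ quoted above ties disabling the warning to the swap partition being encrypted. The following sketch, an added example that is not part of the original post, writes no-secmem-warning only when every swap entry in an fstab file is encrypted. It assumes the FreeBSD convention that encrypted swap devices carry a .eli (geli) or .bde (gbde) suffix; the function names and sample fstab lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the FreeBSD fstab
# convention that encrypted swap devices end in .eli (geli) or .bde (gbde).

# classify_swap FSTAB: print "encrypted DEV" or "plaintext DEV" per swap entry.
classify_swap() {
    awk '
        $1 ~ /^#/ || NF < 3 { next }          # skip comments and short lines
        $3 == "swap" {
            if ($1 ~ /\.(eli|bde)$/) print "encrypted", $1
            else print "plaintext", $1
        }' "$1"
}

# swap_all_encrypted FSTAB: 0 = all swap entries encrypted,
# 1 = at least one plaintext swap entry, 2 = no swap entries at all.
swap_all_encrypted() {
    report=$(classify_swap "$1")
    [ -n "$report" ] || return 2
    if printf '%s\n' "$report" | grep -q '^plaintext '; then return 1; fi
    return 0
}

# suppress_warning_if_safe FSTAB CONF: add no-secmem-warning to CONF only when
# every swap entry is encrypted; otherwise leave CONF alone and return non-zero
# (conservatively, this includes the case where no swap entry is listed).
suppress_warning_if_safe() {
    swap_all_encrypted "$1" || return 1
    grep -qx 'no-secmem-warning' "$2" 2>/dev/null || echo 'no-secmem-warning' >> "$2"
}

# Constructed sample input (not taken from a real host).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '# Device Mountpoint FStype Options Dump Pass#' \
        '/dev/ada0p2 / ufs rw 1 1' '/dev/ada0p3 none swap sw 0 0' > "$dir/plain.fstab"
    printf '%s\n' '/dev/ada0p2 / ufs rw 1 1' \
        '/dev/ada0p3.eli none swap sw 0 0' > "$dir/eli.fstab"
    for f in plain eli; do
        if suppress_warning_if_safe "$dir/$f.fstab" "$dir/$f.conf"; then
            echo "$f: swap encrypted, warning suppressed"
        else
            echo "$f: warning kept (swap not confirmed encrypted)"
        fi
    done
    rm -rf "$dir"
}
demo
```

fstab describes the configured swap devices, not necessarily the ones in use; on FreeBSD, `swapinfo` lists the active ones and can be compared against the result.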