Mailing List Archive

security of local keyring

I want to use GPG for rather simple authentication of downloaded files. I made a test installation on a Windows box, then imported and validated (via fingerprint) the public keys of some sources.

Now I have the following question. Is there some means of access control for the public keyring?
It seems, there is no privilege distinction between managing the local keyring and using it. When the user is able to freely import and delete public keys, there's no prevention of some malware tampering with the keyring either.

Gnupg-users mailing list