The difference between gpg1 and gpg2 that I was noticing arises from the fact that gpg2 uses an external cryptographic library, libgcrypt, whereas gpg1 uses an integrated cryptographic library.
And specifically, Homebrew updated to version 1.7.4 of libgcrypt on December 10, which introduced a regression in the libgcrypt code, leading to the insecure memory warning.
There was initially a bit of discussion about this on the pull request that introduced the formula for libgcrypt 1.7.4 into Homebrew, suggesting that it might be by design:
Nonetheless, it turns out that this was indeed a bug. The specific bug report was filed here:
The bug was fixed in this commit, and the fix was released in libgcrypt 1.7.5, which, at the time of writing, is now the version that Homebrew installs thanks to Dominyk Tiller. Thus, to fix this problem, you can just do a brew update && brew upgrade.
For posterity's sake, here is some information from an old version of this answer before it was confirmed that this was a bug in libgcrypt:
One thing you can do if you'd rather not always see the warning about insecure memory is to add no-secmem-warning to ~/.gnupg/gpg.conf. An old version of the GnuPG FAQ points out:
Locking pages against being swapped out is not necessary if your system uses an encrypted swap partition. In fact that is the best way to protect sensitive data from ending up on a disk. If your system allows for encrypted swap partitions, please make use of that feature. Note that GPG does not know about encrypted swap partitions and might print the warning; thus you should disable the warning if your swap partition is encrypted. You may also want to disable this warning if you can't or don't want to install GnuPG setuid(root). To disable the warning you put a line
no-secmem-warning
into your ~/.gnupg/gpg.conf file.
As far as I know, macOS does use encrypted swap space. For me, for example, sysctl vm.swapusage returns:
vm.swapusage: total = 1024.00M used = 234.75M free = 789.25M (encrypted)
Furthermore, as @sideshowbarker points out in the comments, there is also a post to the gnupg-users mailing list, which says it's relatively safe to ignore this warning:
[...] it's <understatement>pretty hard</understatement> to exploit insecure memory without root privileges -- and if your attacker has root privileges on your machine then it's all over anyway.
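An added example, not part of the answer above or of GnuPG or Homebrew: a small shell sketch of the decision the answer walks through (upgrade if libgcrypt is 1.7.4, otherwise suppress the warning only when swap is encrypted). The function names and the sample gpg2 version output are constructed for illustration; the swap line is the one quoted in the answer.

```shell
#!/bin/sh
# Added example: decide how to handle gpg2's "insecure memory" warning.
# Inputs are passed in as text so the logic can be checked offline.

# Extract the libgcrypt version from `gpg2 --version` output.
libgcrypt_version() {
    printf '%s\n' "$1" | awk '$1 == "libgcrypt" { print $2; exit }'
}

# True when `sysctl vm.swapusage` output reports encrypted swap.
swap_is_encrypted() {
    case "$1" in
        *"(encrypted)"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one of: upgrade | suppress | keep
#   upgrade  - libgcrypt 1.7.4, the release with the regression (fixed in 1.7.5)
#   suppress - swap is encrypted, the FAQ's condition for no-secmem-warning
#   keep     - neither applies; leave the warning visible
advise() {
    ver=$(libgcrypt_version "$1")
    if [ "$ver" = "1.7.4" ]; then
        echo upgrade
    elif swap_is_encrypted "$2"; then
        echo suppress
    else
        echo keep
    fi
}

# Append no-secmem-warning to a gpg.conf once; safe to run repeatedly.
add_no_secmem_warning() {
    conf=$1
    grep -qx 'no-secmem-warning' "$conf" 2>/dev/null ||
        echo 'no-secmem-warning' >> "$conf"
}

# Constructed sample of `gpg2 --version` output (GnuPG version is made up).
SAMPLE_GPG='gpg (GnuPG) 2.1.16
libgcrypt 1.7.4'
# The sysctl line quoted in the answer.
SAMPLE_SWAP='vm.swapusage: total = 1024.00M used = 234.75M free = 789.25M (encrypted)'

advise "$SAMPLE_GPG" "$SAMPLE_SWAP"   # prints: upgrade
```

On a real machine the two arguments would be "$(gpg2 --version)" and "$(sysctl vm.swapusage)", and add_no_secmem_warning would be given ~/.gnupg/gpg.conf only when advise prints suppress.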
@bmike has already offered the easiest solution, but I wanted to go back to the GUI instructions not working.
I found that Apple’s instructions here can be confusing. Control-Clicking will not do anything unless you first “unlock” the Users & Groups pane, as shown below in the blue box:
Once you have it unlocked, be sure you are clicking in the white-area on the left to access “Advanced Options…” as shown above with the blue arrow.
Then you should be able to access the options, including shell, from the Advanced pane.
Best Answer
You need to escape the ? and = using backslashes: