=== modified file 'debian/mandos-client.postinst'
--- debian/mandos-client.postinst	2019-02-10 08:41:14 +0000
+++ debian/mandos-client.postinst	2019-02-10 10:39:26 +0000
@@ -71,8 +71,9 @@
 	     --load-privkey=/etc/keys/mandos/tls-privkey.pem \
 	     --outfile=/dev/null --pubkey-info --no-text \
 	     2>/dev/null; then
-	    shred --remove -- /etc/keys/mandos/tls-privkey.pem
-	    rm -- /etc/keys/mandos/tls-pubkey.pem
+	    shred --remove -- /etc/keys/mandos/tls-privkey.pem \
+		  2>/dev/null || :
+	    rm --force -- /etc/keys/mandos/tls-pubkey.pem
 	fi
     fi
 
@@ -93,7 +94,7 @@
 	local umask=$(umask)
 	umask 077
 	cp --archive "$TLS_PRIVKEYTMP" /etc/keys/mandos/tls-privkey.pem
-	shred --remove -- "$TLS_PRIVKEYTMP"
+	shred --remove -- "$TLS_PRIVKEYTMP" 2>/dev/null || :
 
 	# First try certtool from GnuTLS
 	if ! certtool --password='' \
@@ -122,7 +123,7 @@
 	db_go
 	db_stop
     else
-	shred --remove -- "$TLS_PRIVKEYTMP"
+	shred --remove -- "$TLS_PRIVKEYTMP" 2>/dev/null || :
     fi
 }
 

=== modified file 'mandos-keygen'
--- mandos-keygen	2019-02-10 09:03:37 +0000
+++ mandos-keygen	2019-02-10 10:39:26 +0000
@@ -252,14 +252,14 @@
 	# Backup any old key files
 	if cp --backup=numbered --force "$TLS_PRIVKEYFILE" "$TLS_PRIVKEYFILE" \
 	      2>/dev/null; then
-	    shred --remove "$TLS_PRIVKEYFILE"
+	    shred --remove "$TLS_PRIVKEYFILE" 2>/dev/null || :
 	fi
 	if cp --backup=numbered --force "$TLS_PUBKEYFILE" "$TLS_PUBKEYFILE" \
 	      2>/dev/null; then
 	    rm --force "$TLS_PUBKEYFILE"
 	fi
 	cp --archive "$TLS_PRIVKEYTMP" "$TLS_PRIVKEYFILE"
-	shred --remove "$TLS_PRIVKEYTMP"
+	shred --remove "$TLS_PRIVKEYTMP" 2>/dev/null || :
 
 	## TLS public key
 
@@ -296,7 +296,7 @@
     # Backup any old key files
     if cp --backup=numbered --force "$SECKEYFILE" "$SECKEYFILE" \
 	2>/dev/null; then
-	shred --remove "$SECKEYFILE"
+	shred --remove "$SECKEYFILE" 2>/dev/null || :
     fi
     if cp --backup=numbered --force "$PUBKEYFILE" "$PUBKEYFILE" \
 	2>/dev/null; then
@@ -444,7 +444,7 @@
 set +e
 # Remove the password file, if any
 if [ -n "$SECFILE" ]; then
-    shred --remove "$SECFILE"
+    shred --remove "$SECFILE" 2>/dev/null
 fi
 # Remove the key rings
 shred --remove "$RINGDIR"/sec* 2>/dev/null