GnuPG asks for confirmation...
markus reichelt
ml at mareichelt.de
Fri Jun 2 16:26:31 CEST 2006
* Laurent Jumet <laurent.jumet at skynet.be> wrote:
> > Many mail clients will assume that any GPG message is encrypted and
> > prompt for a passphrase prior to invoking GPG.
>
> Are you sure?
> Security wouldn't be compromised if passphrase is given to anything else
> then gpg?
F.e. mutt itself asks for a passphrase and passes it on to gpg. It's
a normal thing for email clients to do, as with frontends for gpg as
well.
In case an attacker replaces the gpg binary with a wrapper... well,
security is compromised the moment when an attacker gains system
access anyway.
Btw, good to see GoldEd still floating around. How's fidonet?
--
2:2433/480
Sorry to the people I drove nuts back then, hehe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20060602/66d3a0df/attachment.pgp
More information about the Gnupg-users
mailing list