Bug in GnuPG

Werner Koch wk at gnupg.org
Wed Jan 11 16:40:09 CET 2006

On Wed, 11 Jan 2006 08:37:41 -0600, Joe Vender said:

> prompts until my hidden_recipient(session_key) is encountered. Also, many
> users will not be willing, or at least prefer not, to cache the passphrase
> due to security concerns. There must be a better way of handling this. It

Caching the passphrase for a few minutes is just fine.  The passphrase
itself is mainly a protection against stolen disks or alike.  Any key
logger will be able to log the passphrase and by entering it many
times over a day it will be even easier to figure out the passphrase.
I consider gpg-agent/pinentry-gtk on a local X-sever more secure than
the passphrase prompt of gpg.

> would first ask for my passphrase and then move through the
> hidden_recipient(session_key) list until it encountered the one that
> matched the right key to decrypt the message.

As already mentioned, there is no immediate list of public key
encrypted packages - they are processed one after the other without
any look-ahead.  

I just checked the code and a possible way to implement it is be
queuing up the hidden publick key encrypted packets and process them
only after all other packets failed.  However this is still a too
intrusive change for now.

It won't help the passphrase caching problem.  The memory used for
for storing the unprotected secret keys (after the passphrase has been
presented) is a scare resource and thus we can't keep them them
unprotected for a logn time.  It is even a design goal to keep secret
stuff as short as possible unprotected.  gpg-agent/pinentry solves
this problem.



More information about the Gnupg-devel mailing list