cacheid and preset_passphrase

Werner Koch wk at gnupg.org
Thu Aug 7 16:46:14 CEST 2008


On Thu,  7 Aug 2008 12:30, bjk at luxsci.net said:

> What I'm trying to do is use gpg-agent to cache a passphrase with the
> GET_PASSPHRASE command. The command needs a cache ID to use but how do I
> know I won't overwrite an existing cache ID that was previously used by

Then you need your own namespace.

> For example, to change a passphrase associated with a cache ID.
> Something like SET_PASSPHRASE <cache id> <hex string>.

This command may be used:

   PRESET_PASSPHRASE <hexstring_with_keygrip> <timeout> <hexstring>
  
   Set the cached passphrase/PIN for the key identified by the keygrip
   to passwd for the given time, where -1 means infinite and 0 means
   the default (currently only a timeout of -1 is allowed, which means
   to never expire it).  If passwd is not provided, ask for it via the
   pinentry module. 


The only problem is that it checks that the first argument is actually a
hexstring.  So it is not usable right now for you. 

My proposal is to allow an arbitrary string instead of
hexstring_with_keygrip.  The only required code change should be for
this command.  The other commands CLEAR_PASSPHRASE and GET_PASSPHRASE
should accept any string as a cache ID.

You would then use 

   <myapp>:<astring_without_space>

Do not use GNUPG or similar for <myapp>.  For example:  To cache a login
passphrase for user "joe", use this cache ID:

   GNOMOVISION:login_joe

It is really up to you.  

Ah well, we need to implement a default timeout.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
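
The cache-ID convention and the three commands named in the message, as an added example (not code from the original mail or from GnuPG): it builds namespaced IDs and the matching Assuan command lines. The function names, the reserved-prefix list and the allowed character set are assumptions of this example, and PRESET_PASSPHRASE with a non-keygrip ID follows the proposal in the mail, not the behaviour it describes as current.

```python
import re

# The mail says not to use "GNUPG or similar" for <myapp>; this prefix list
# is this example's reading of "similar", not a list defined by GnuPG.
RESERVED_PREFIXES = ("GNUPG", "GPG")
# Conservative character set chosen for this example (no spaces, no ':').
_TOKEN = re.compile(r"[A-Za-z0-9_.@-]+")


def make_cache_id(app, item):
    """Return '<myapp>:<astring_without_space>' or raise ValueError."""
    if not _TOKEN.fullmatch(app):
        raise ValueError("app name has characters outside the allowed set")
    if app.upper().startswith(RESERVED_PREFIXES):
        raise ValueError("app name collides with a reserved namespace")
    if not _TOKEN.fullmatch(item):
        raise ValueError("item has characters outside the allowed set")
    return f"{app}:{item}"


def plus_escape(text):
    """Percent-plus escaping for free-text arguments: space becomes '+'."""
    out = []
    for b in text.encode("utf-8"):
        if b == 0x20:
            out.append("+")
        elif b in (0x25, 0x2B) or b < 0x20 or b >= 0x7F:
            out.append(f"%{b:02X}")  # '%', '+', control and non-ASCII bytes
        else:
            out.append(chr(b))
    return "".join(out)


def get_line(cache_id, description="X"):
    # 'X' asks the agent for its default error message, prompt or description.
    return f"GET_PASSPHRASE {cache_id} X X {plus_escape(description)}"


def preset_line(cache_id, passphrase, timeout=-1):
    # Proposed form from the mail: an arbitrary string where the keygrip was.
    if timeout != -1:
        raise ValueError("only a timeout of -1 is currently allowed")
    # Hex is an encoding, not protection: keep this line out of logs.
    hexpw = passphrase.encode("utf-8").hex().upper()
    return f"PRESET_PASSPHRASE {cache_id} {timeout} {hexpw}"


def clear_line(cache_id):
    return f"CLEAR_PASSPHRASE {cache_id}"
```
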



