Passphrase caching with gpgme and gpg2

Marcus Brinkmann marcus.brinkmann at ruhr-uni-bochum.de
Mon Aug 11 19:32:42 CEST 2008


At Fri, 08 Aug 2008 13:41:57 +0200,
Florian Schwind <f.schwind at chili-radiology.com> wrote:
> 
> Hi.
> 
> With gpg-1.4.9 I used the passphrase_cb() from gpgme to handle 
> passphrases. What is the recommended way to handle the passphrase with 
> gpgme and gpg2? Since I'm building a server application I cannot use 
> any form of dialog-box.

Use gpg-agent and gpg-preset-passphrase.  That should already work,
but if it doesn't, it shouldn't be too hard to make it work (we only
tested it for smart cards so far).

Then your key is at least protected when the machine is off.  However,
you have to call gpg-preset-passphrase interactively.

If you can't do that, why bother having a passphrase at all?  The
simplest solution is to leave the key unprotected (as it is anyway if
you keep the password on the machine).

Alternatively, you can script your own pinentry replacement for use
with gpg-agent.  See the gpgme test suite for an example of how to do this.

There are more ways, but this should get you started.

Marcus
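
The scripted pinentry replacement suggested in the reply above, sketched as an added example; it is not part of the original message and is not the script from the gpgme test suite. The environment variable PINENTRY_PASSFILE and the function names are assumptions made for this sketch. It refuses a passphrase file that group or others can read, and it declines CONFIRM prompts instead of approving them unattended.

```python
#!/usr/bin/env python3
"""Non-interactive pinentry: answers gpg-agent over the Assuan line protocol."""
import os
import stat
import sys

# GPG_ERR_SOURCE_PINENTRY (5 << 24) | GPG_ERR_CANCELED (99)
ERR_CANCELED = "ERR 83886179 Operation cancelled <Pinentry>"


def assuan_escape(data):
    """Percent-escape the characters Assuan forbids inside a D line."""
    return data.replace("%", "%25").replace("\r", "%0D").replace("\n", "%0A")


def load_passphrase(path):
    """Read the first line of `path`; reject files open to group or others."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode) or st.st_mode & 0o077:
        raise PermissionError(f"{path}: must be a regular file with mode 0600")
    with open(path, encoding="utf-8") as fh:
        return fh.readline().rstrip("\r\n")


def serve(lines, out, get_passphrase):
    """Answer pinentry commands read from `lines`, writing replies to `out`."""
    out.write("OK Pleased to meet you\n")
    out.flush()
    for line in lines:
        cmd = line.strip().split(" ", 1)[0].upper()
        reply = "OK"  # SETDESC, SETPROMPT, OPTION ... are UI hints: acknowledge
        if cmd == "GETPIN":
            try:
                reply = f"D {assuan_escape(get_passphrase())}\nOK"
            except OSError:
                reply = ERR_CANCELED  # missing or badly protected file
        elif cmd == "CONFIRM":
            reply = ERR_CANCELED  # never approve a yes/no prompt unattended
        elif cmd == "BYE":
            reply = "OK closing connection"
        out.write(reply + "\n")
        out.flush()
        if cmd == "BYE":
            return


if __name__ == "__main__":
    path = os.environ.get("PINENTRY_PASSFILE", "")  # hypothetical variable name
    serve(sys.stdin, sys.stdout, lambda: load_passphrase(path))
```

gpg-agent is pointed at such a script with the pinentry-program option in gpg-agent.conf.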





