Caching symmetric encryption passphrase with gpg-agent
Daiki Ueno
ueno at unixuser.org
Fri Mar 6 10:24:03 CET 2009
Hi,

Perhaps this is a stupid idea, but let me propose a proof of concept.
The attached is a patch which (partially) enables passphrase caching
even if symmetric encryption is used. It diverts the S2K salt to the
identity of the encrypted data. Here is the sample session:

$ eval `gpg-agent --daemon`
$ echo aaa | ./g10/gpg2 --status-fd=2 --symmetric > test.gpg
[GNUPG:] S2K 3 2 6BB569FF913024B9 96

pinentry-gtk will prompt for a passphrase. Then,

$ ./g10/gpg2 --status-fd=2 < test.gpg

pinentry-gtk will prompt for a passphrase. Again,

$ ./g10/gpg2 --status-fd=2 < test.gpg

The cached passphrase is used here.

$ echo bbb | ./g10/gpg2 --status-fd=2 --symmetric \
    --s2k-salt 6BB569FF913024B9 > test.gpg

The cached passphrase is used here since the same cache key
6BB569FF913024B9 is specified with --s2k-salt.

What do you think?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gpg2-symenc-passphrase-cache.diff
Type: text/x-diff
Size: 4154 bytes
Desc: not available
URL: </pipermail/attachments/20090306/d3a94f4d/attachment.diff>
-------------- next part --------------
Regards,
--
Daiki Ueno
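
The following is an added example, not part of the original message or the attached patch: it derives the OpenPGP iterated+salted S2K key (RFC 4880, section 3.7.1.3) for the salt in the sample session and shows what reusing that salt with the same passphrase means for the derived key. Assumptions: the status line fields are read as mode, hash algorithm, salt and coded count; the 16-octet key length and both sample passphrase and second salt are constructed.

```python
import hashlib

def decode_count(c: int) -> int:
    """Expand the one-octet coded count (RFC 4880, section 3.7.1.3)."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def parse_s2k_status(line: str):
    """Parse '[GNUPG:] S2K <mode> <hash> <salt> <count>' (field meaning assumed)."""
    parts = line.split()
    if len(parts) != 6 or parts[:2] != ["[GNUPG:]", "S2K"]:
        raise ValueError("not an S2K status line")
    salt = bytes.fromhex(parts[4])
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is 8 octets")
    return int(parts[2]), int(parts[3]), salt, decode_count(int(parts[5]))

def s2k_iterated_salted(passphrase: bytes, salt: bytes, count: int,
                        keylen: int = 16) -> bytes:
    """Mode 3 S2K with SHA-1: hash salt+passphrase repeated up to `count` octets."""
    data = salt + passphrase
    count = max(count, len(data))          # always hash the pair at least once
    full, rest = divmod(count, len(data))
    stream = data * full + data[:rest]
    key, ctx = b"", 0
    while len(key) < keylen:               # extra contexts are preloaded with zeros
        key += hashlib.sha1(b"\x00" * ctx + stream).digest()
        ctx += 1
    return key[:keylen]

def demo():
    status = "[GNUPG:] S2K 3 2 6BB569FF913024B9 96"   # line from the sample session
    mode, algo, salt, count = parse_s2k_status(status)
    assert (mode, algo) == (3, 2)          # iterated+salted, SHA-1
    pw = b"constructed-passphrase"         # constructed sample value
    key_first = s2k_iterated_salted(pw, salt, count)
    key_reused = s2k_iterated_salted(pw, salt, count)        # --s2k-salt reuse
    key_fresh = s2k_iterated_salted(pw, bytes.fromhex("0102030405060708"), count)
    return key_first, key_reused, key_fresh

if __name__ == "__main__":
    first, reused, fresh = demo()
    print("same salt  -> same key:", first == reused)
    print("fresh salt -> same key:", first == fresh)
```

With a pinned salt, every file encrypted under the same passphrase gets the same S2K-derived key, so the salt no longer separates those messages from one another.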