using main key ID as cache key?

Werner Koch wk at gnupg.org
Wed Nov 14 14:21:17 CET 2012


On Wed, 14 Nov 2012 08:43, ueno at unixuser.org said:

> Currently, gpg-agent PKSIGN / PKDECRYPT commands maintain passphrases
> per subkey, while other gpg commands (gpg --gen-key and gpg --edit-key)
> assume the same passphrase be shared among subkeys.

That is not correct.  The GPG key generation creates the 3 standard keys
with the same passphrase.  All other commands should work correctly if
the primary and the subkeys have different passphrases.

> Doesn't it make sense that those gpg-agent commands use the main key ID
> as cache key?  I'm attaching an experimental patch (to the git master).

(It depends on your threat model)

For ssh keys it has been suggested to try unprotecting all ssh keys at
once if one has been unprotected.  A rationale for this is that often
different ssh keys have the same passphrase.  Now if malware already
knows one passphrase, it doesn't matter if the other keys are also
unprotected (or alias a cache entry).  The same is true for the gpg
primary and subkeys.

A simple implementation would just try to decrypt all keys if a valid
passphrase is given for one key.  With many keys, that won't fly because
the decryption is designed to take some time.  For ssh keys, the
sshcontrol file could be used to limit the keys.  For gpg, we would need
a way to link certain keys together.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
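
The linking idea from the reply above, as an added sketch that is not part of the original mail or of GnuPG's code: after one key is unprotected, the same passphrase is tried only on keys linked to it, so the number of slow unprotect operations stays bounded. ProtectedKey, the links mapping and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 20_000  # constructed value; stands in for the deliberately slow unprotect step


class ProtectedKey:
    """Toy passphrase-protected key (assumption: not gpg-agent's real key format)."""

    def __init__(self, passphrase):
        self.salt = os.urandom(16)
        self.check = self._derive(passphrase)

    def _derive(self, passphrase):
        return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), self.salt, ITERATIONS)

    def try_unprotect(self, passphrase):
        return hmac.compare_digest(self.check, self._derive(passphrase))


def unprotect_with_links(keys, links, requested, passphrase):
    """Unprotect `requested`, then try the passphrase on its linked keys only.

    `links` (hypothetical) maps a key name to the names linked with it.
    Returns (names that would get a cache entry, number of slow KDF runs).
    """
    kdf_runs = 1
    if not keys[requested].try_unprotect(passphrase):
        return set(), kdf_runs  # wrong passphrase: nothing else is attempted
    cached = {requested}
    for name in sorted(set(links.get(requested, ())) - {requested}):
        kdf_runs += 1
        if keys[name].try_unprotect(passphrase):
            cached.add(name)  # same passphrase: alias into the cache
    return cached, kdf_runs


def build_sample():
    """Constructed keyring: one primary with three linked subkeys, five unrelated keys."""
    keys = {n: ProtectedKey("shared pw") for n in ("primary", "sub-sign", "sub-encr")}
    keys["sub-auth"] = ProtectedKey("other pw")  # linked, but different passphrase
    keys.update({f"unrelated-{i}": ProtectedKey(f"pw-{i}") for i in range(5)})
    links = {"primary": {"sub-sign", "sub-encr", "sub-auth"}}
    return keys, links


if __name__ == "__main__":
    keys, links = build_sample()
    print("linked keys only:", unprotect_with_links(keys, links, "primary", "shared pw"))
    print("try every key:   ", unprotect_with_links(keys, {"primary": set(keys)}, "primary", "shared pw"))
```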