Agent socket security

Nicholas Cole nicholas.cole at
Sun May 11 11:01:15 CEST 2014

Dear list,

This is a question that comes out of my own ignorance, but what stops one
user on a system maliciously connecting to another user's gpg-agent, and is
this mechanism secure on all platforms?

After all, isn't gpg-agent listening on a socket for commands? Presumably
it is hard to authenticate whether the source of those commands is

Is this the mechanism being relied on?

I presume listening on a network socket would simply be impossible to trust
(without some separate username/password).

I'm sure I must be missing something, so forgive the naive question!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140511/fda28f5d/attachment.html>

More information about the Gnupg-devel mailing list