[PATCH] agent: Respect --enable-large-secmem

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Dec 6 22:02:02 CET 2016

On Tue 2016-12-06 14:50:52 -0500, Werner Koch wrote:
> On Tue,  6 Dec 2016 17:09, dkg at fifthhorseman.net said:
>> * agent/gpg-agent.c (main): Initialize secmem to the configured buffer
>> size.
> Please go ahead and push it.

pushed, thanks.

> As you noted, this is not enough and we should have an
> --enable-large-rsa option for gpg-agent so that we can screen keys
> before we use them.

I don't think i understand this need.  what do you mean "screen keys" ?
the agent is capable of importing large keys and using them, once this
patch is applied and we configure with --enable-large-secmem.  Are you
suggesting that we'd need a runtime argument to gpg-agent in order to be
able to generate such a large key?  I'm fine with never generating them,
as long as people who have them can import them and use them.

> Regarding the bug report: ...... <IRC interrupt>
> .... okay we talked about it.  Right now working on Libgcrypt.

Thanks, that's the right thing to do!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: </pipermail/attachments/20161206/b859b174/attachment.sig>

More information about the Gnupg-devel mailing list