GPG Wipe Keys from RAM on Suspend

Werner Koch wk at
Tue Sep 22 09:01:38 CEST 2020

On Sat, 19 Sep 2020 23:10, procmem--- said:
> Hi. I came across a new cryptsetup feature that is supposed to protect
> user data while the PC is in standby. It wipes the key from RAM when
> sleep events are triggered. While it protects LUKS, other data and keys
> loaded in RAM at the time are still vulnerable to forensic recovery. Can
> you please consider adding a sleep key cache wipe feature to GPG?

That exists for ages:

  gpgconf --reload gpg-agent

is all what you need.  However, the platforms all differ a lot on how
to run scripts on power events and thus the distros need to implement



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gnupg-devel mailing list