GnuPG Daemon?

David Turner
Wed May 23 00:09:02 2001

Hash: SHA1

[Disclaimer:  This brainwave was brought to you by someone who doesn't
know better :-)]

Scripts exist (for Pine at least) which save your passphrase to a file for
a session so you only have to type it once.  Whilst this is very
convenient, it strikes me as a security problem, although I cannot really
assess how much of a problem since it requires a deeper knowledge of
things than I possess.  Maybe Pine session IDs are not too hard to
predict.  Whatever the hole, something feels wrong about trusting a MUA
for good cryptographic practice.

So, my idea is to provide this idea of a `session' in a better way by
separating it from whatever agent (MUA, shell etc.) you are using, and
placing it in a daemon (gpgd?) which, say, receives the passphrase at the
start of a session, and stores it in secure memory ready to dole out to
whatever needs it until the session ends.

How much less secure is this?  It is already possible to compromise keys
with root priveleges, so the only cases of interest are from non-root

* Could they intercept the passphrase between calling agent and daemon? My
limited knowledge of Linux would say no.

* Could they make it dump core and rip the passphrase from that? If it
dumped core, the passphrase would be readily available.  In a perfect
world, programs don't dump core. In reality, care would be needed to
prevent this.

* Could they trick the daemon into giving them the passphrase? My idea
here is to nominate {Pine, bash, ...} when starting the session, and then
only to allow children of that nominated process access to the passphrase,
and end the session when the process dies or after a timeout.

This is the key - (a) can that be done and (b) can it be fooled?  Is there
a Better Way?  Have I just descibed an existing product?  Or am I talking
the sort of drivel that can only be produced after a whole day of
mind-numbingly hard mathematics?

Answers on a postcard...

- --
Dave Turner