GPG agent for automated processing
Werner Koch
wk@gnupg.org
Thu Apr 10 12:15:02 2003
On Wed, 9 Apr 2003 16:09:59 -0700, Joseph Bruni said:
> Here's a dumb question: Where can I find gpg-agent, anyway? I've been
> searching the GnuPG.org web-site and FTP server and can't seem to find
> it. I've done google searches and only turned up discussions about it.
You need to get the lates newpg package from
ftp://ftp.gnupg.org/gcrypt/alpha/aegypten/
as well as the latest libgcrypt from
ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt
and the pinentry package
ftp://ftp.gnupg.org/gcrypt/pinentry/
That should be sufficient to build the gpg-agent, gpgsm won't be build
if you don't have libksba installed. I am working on a GnuPG 1.9
which will include gpg, gpgsm and gpg-agent in one package.
> Another question: Does gpg-agent cache the pass-phrase, or does it
> cache the (unencrypted) private key the way ssh-agent does? Not that
> it would make any operational difference -- I'm just curious.
When used with current gpg versions, gpg-agent does only cache the
passphrase. The plan is to modify gpg to divert all secret key
operations to the gpg-agent. This has already been done for gpgsm
(the S/MIME cousin of gpg).
Whether the use of gpg-agent to cache the passphrase on an unattended
system is questionable. The only advantage I can see is that the
passphrase is stored in ram and not in the file system; a ram disk
might be configured for the same effect. BTW, the design of gpg-agent
would allow to enhance it to run on another machine.
Salam-Shalom,
Werner
--
Nonviolence is the greatest force at the disposal of
mankind. It is mightier than the mightiest weapon of
destruction devised by the ingenuity of man. -Gandhi