GPG agent for automated processing

Werner Koch wk@gnupg.org
Thu Apr 10 12:15:02 2003


On Wed, 9 Apr 2003 16:09:59 -0700, Joseph Bruni said:

> Here's a dumb question: Where can I find gpg-agent, anyway? I've been
> searching the GnuPG.org web-site and FTP server and can't seem to find
> it. I've done google searches and only turned up discussions about it.

You need to get the latest newpg package from
  ftp://ftp.gnupg.org/gcrypt/alpha/aegypten/
as well as the latest libgcrypt from
  ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt
and the pinentry package
  ftp://ftp.gnupg.org/gcrypt/pinentry/

That should be sufficient to build the gpg-agent; gpgsm won't be built
if you don't have libksba installed.  I am working on a GnuPG 1.9
which will include gpg, gpgsm and gpg-agent in one package.

> Another question: Does gpg-agent cache the pass-phrase, or does it
> cache the (unencrypted) private key the way ssh-agent does? Not that
> it would make any operational difference -- I'm just curious.

When used with current gpg versions, gpg-agent does only cache the
passphrase.  The plan is to modify gpg to divert all secret key
operations to the gpg-agent.  This has already been done for gpgsm
(the S/MIME cousin of gpg).

The use of gpg-agent to cache the passphrase on an unattended
system is questionable.  The only advantage I can see is that the
passphrase is stored in RAM and not in the file system; a RAM disk
might be configured for the same effect.  BTW, the design of gpg-agent
would allow enhancing it to run on another machine.

Salam-Shalom,

   Werner



-- 
  Nonviolence is the greatest force at the disposal of
  mankind. It is mightier than the mightiest weapon of
  destruction devised by the ingenuity of man. -Gandhi