jalmeida at math.ist.utl.pt
Tue Nov 21 18:09:34 CET 2006
I've been reading whatever documentation I could find about gpg-agent,
but I couldn't get the whole picture yet.
Assuming that the gpg-agent daemon is running and some client
application needs to encrypt or decrypt something, what happens? As I
understood it, the client connects to the socket and gpg-agent tells
pinentry to ask for a passphrase, if it doesn't have it yet. Now, the
first question is whether the passphrase is kept in locked memory
(assuming the OS supports it), i.e, the passphrase is never send to disk
or swap. Is this correct?
The other question (not independent from the former) is what is (and
where is) gpg-agent cache: a directory? containing what? the passphrases
for several keys? and are they protected only by the filesystem
permissions, or is there a more elaborate setup?
The page http://www.gnupg.org/aegypten/ says "GpgAgent that stores
passphrases like ssh-agent does", but the truth is that the
documentation of ssh-agent is not clearer about these points.
More information about the Gnupg-users