Jorge Almeida
Tue Nov 21 18:09:34 CET 2006


I've been reading whatever documentation I could find about gpg-agent,
but I couldn't get the whole picture yet.
Assuming that the gpg-agent daemon is running and some client
application needs to encrypt or decrypt something, what happens? As I
understood it, the client connects to the socket and gpg-agent tells
pinentry to ask for a passphrase, if it doesn't have it yet. Now, the
first question is whether the passphrase is kept in locked memory
(assuming the OS supports it), i.e., the passphrase is never sent to disk
or swap. Is this correct?
The other question (not independent from the former) is what is (and
where is) the gpg-agent cache: a directory? containing what? the passphrases
for several keys? and are they protected only by the filesystem
permissions, or is there a more elaborate setup?
The page says "GpgAgent that stores
passphrases like ssh-agent does", but the truth is that the
documentation of ssh-agent is not clearer about these points.

Jorge Almeida

