gpg-agent wants to go online

Werner Koch wk at gnupg.org
Wed Aug 19 17:41:48 CEST 2009


On Wed, 19 Aug 2009 11:37, listen at story-games.at said:

> I've recently switched over (by way of gpg4win) to GPG 2.0.12 and
> there's one thing I'm wondering: When I start gpg, my firewall asks me
> if I want to allow gpg-agent to connect to the network. Being one of

That is one of these stupid firewalls, not expecting local TCP
connections (a connection to 127.0.0.1).  The Kleopatra key manager even
has a test for this and shows an appropriate notice.

Connecting to the local host is fine; it is nothing other than a simple
inter-process connection (IPC).  Put the address 127.0.0.1 into the
whitelist of your firewall.

Background: Under Windows we don't have Unix domain sockets.  However,
we use them in GnuPG for IPC and thus need a way to emulate them on
Windows.  Given that we use the socket semantics, it is natural that we
use a local TCP connection.  Actually this method is the only one which
easily allows restricting a server to accept connections only from the
local host: The server only listens on 127.0.0.1 and thus is not
reachable from the outside.  The filename as used with Unix domain
sockets is here a real file containing the port the server is listening
on and a nonce, so that only processes able to open the file are allowed
to connect to the server.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
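The emulation Werner describes (loopback TCP listener, socket file holding port plus nonce, nonce presented by the client before anything else) as an added worked example. This is illustrative code written for this page, not GnuPG's or libassuan's own implementation. The file layout `"<port>\n<nonce>"`, the 16-byte nonce length, the owner-only file mode and the file name `S.gpg-agent` are all assumptions made here; the post only says the file contains the port and a nonce. On Unix the `0o600` mode is what stops other users from reading the nonce; on Windows that mode bit is ignored and the file's ACL would have to do the same job.

```python
import hmac
import os
import socket
import tempfile

NONCE_LEN = 16  # assumption: a 16-byte random nonce (the post only says "a nonce")


def create_listener(sock_file):
    """Server side.  Listen on the loopback address only, on an ephemeral
    port, then write "<port>\\n<nonce>" (assumed layout) to sock_file with
    owner-only permissions.  The file stands in for the Unix socket name."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # loopback only: never reachable from the network
    srv.listen(5)
    port = srv.getsockname()[1]
    nonce = os.urandom(NONCE_LEN)
    # A process that cannot open this file never learns the nonce and so
    # cannot get past accept_checked() below, even though it can reach the port.
    fd = os.open(sock_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(b"%d\n" % port + nonce)
    return srv, nonce


def read_socket_file(sock_file):
    """Client side.  Parse port and nonce out of the socket file."""
    with open(sock_file, "rb") as f:
        data = f.read()
    port_bytes, sep, nonce = data.partition(b"\n")
    if not sep or len(nonce) != NONCE_LEN:
        raise ValueError("malformed socket file")
    port = int(port_bytes)
    if not 0 < port < 65536:
        raise ValueError("bad port in socket file")
    return port, nonce


def _recv_exact(conn, n):
    """Read exactly n bytes, or fewer if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def accept_checked(srv, nonce):
    """Server side.  Accept one connection and require that its first
    NONCE_LEN bytes equal the nonce; otherwise close it without answering."""
    conn, _ = srv.accept()
    conn.settimeout(2.0)
    with conn:
        got = _recv_exact(conn, NONCE_LEN)
        if len(got) != NONCE_LEN or not hmac.compare_digest(got, nonce):
            return False   # peer could reach the port but never saw the file
        conn.sendall(b"OK\n")
        return True


def connect_client(port, nonce):
    """Client side.  Connect to 127.0.0.1:<port> and present the nonce first."""
    c = socket.create_connection(("127.0.0.1", port), timeout=2.0)
    c.sendall(nonce)
    return c


def _reply(sock):
    try:
        return sock.recv(16)
    except OSError:
        return b""


def run_demo():
    """A client that read the file versus one that only knows the port (as a
    local port scan would).  Returns (legit_accepted, forged_accepted)."""
    with tempfile.TemporaryDirectory() as d:
        sock_file = os.path.join(d, "S.gpg-agent")   # illustrative name
        srv, nonce = create_listener(sock_file)
        try:
            port, file_nonce = read_socket_file(sock_file)
            good = connect_client(port, file_nonce)
            with good:
                legit = accept_checked(srv, nonce) and _reply(good) == b"OK\n"
            bad = connect_client(port, b"\x00" * NONCE_LEN)   # guessed nonce
            with bad:
                forged = accept_checked(srv, nonce) or _reply(bad) == b"OK\n"
        finally:
            srv.close()
    return legit, forged


if __name__ == "__main__":
    print(run_demo())   # (True, False)
```

The point the firewall prompt obscures is visible in `run_demo()`: both clients can open a TCP connection to the port, because any local process can, but only the one that could read the socket file gets an answer. The nonce, not the port number, is the access control, which is why the file's permissions matter more than the firewall's opinion of 127.0.0.1.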
