gpg-agent wants to go online

Werner Koch wk at
Wed Aug 19 17:41:48 CEST 2009

On Wed, 19 Aug 2009 11:37, listen at said:

> I've recently switched over (by way of gpg4win) to GPG 2.0.12 and
> there's one thing I'm wondering: When I start gpg, my firewall asks me
> if I want to allow gpg-agent to connect to the network. Being one of

That is one of these stupid firewalls, not expecting that local TCP
connections (a connection to  The Kleopatra keymanager even
has a test for this and shows an appropriate notice.

Connecting to the local host is fine, it is nothing else than a simple
inter process connection (IPC).  Put the address into the
whitelist of your firewall.

Background: Under Windows we don't have Unix Domain sockets.  However,
we use them in GnuPG for IPC and thus need a way to emulate them on
Windows.  Given that we use the sockets semantics it is natural that we
use a local TCP connection.  Actually this method is the only one which
easily allows restricting a server to accept connections only from the
local host: The server does only listen on and thus is not
reachable from the outside.  The filename as used with Unix Domain
sockets is here a real file containing the port the server is listening
to and a nonce so that only processes able to open the file are allowed
to connect to the server.



Thoughts are free.  Exceptions are governed by a federal law.
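
The emulation described in the Background paragraph, as an added sketch that is not GnuPG's code and not part of the original message: a server bound to the loopback address publishes its port and a nonce in a file, and a client must present that nonce before anything else. The file layout (port line followed by a 16-byte nonce), the `OK`/`ERR` replies and the file name `S.demo` are assumptions made for this example.

```python
import hmac, os, secrets, socket, tempfile, threading

NONCE_LEN = 16  # assumed nonce size for this sketch

def start_server(sock_file):
    """Listen on loopback only; publish port and nonce in sock_file."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # loopback only, OS picks a free port
    srv.listen(1)
    srv.settimeout(5)            # keeps the demo from hanging
    nonce = secrets.token_bytes(NONCE_LEN)
    # Created exclusively with owner-only permissions: being able to read
    # this file is what authorizes a client.
    fd = os.open(sock_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(str(srv.getsockname()[1]).encode() + b"\n" + nonce)
    return srv, nonce

def serve_one(srv, nonce):
    """Accept one connection and check the nonce before doing anything else."""
    conn, _ = srv.accept()
    with conn, conn.makefile("rb") as rf:
        got = rf.read(NONCE_LEN)              # blocks until NONCE_LEN bytes or EOF
        ok = hmac.compare_digest(got, nonce)  # constant-time comparison
        conn.sendall(b"OK\n" if ok else b"ERR\n")

def connect(sock_file, forged_nonce=None):
    """Client side: read port and nonce from the file, then present the nonce."""
    with open(sock_file, "rb") as f:
        port_line, nonce = f.read().split(b"\n", 1)
    with socket.create_connection(("127.0.0.1", int(port_line)), timeout=5) as c:
        c.sendall(forged_nonce if forged_nonce is not None else nonce)
        return c.makefile("rb").readline()

def demo(forged_nonce=None):
    """Run one server/client round trip; returns the server's reply line."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "S.demo")      # hypothetical file name
        srv, nonce = start_server(path)
        t = threading.Thread(target=serve_one, args=(srv, nonce))
        t.start()
        try:
            return connect(path, forged_nonce)
        finally:
            t.join()
            srv.close()
```

`demo()` returns `b"OK\n"`, while `demo(bytes(16))`, a local process that found the port but could not read the file, gets `b"ERR\n"`. On Windows the mode bits passed to `os.open` do not restrict readers; there the file's ACL has to play that role.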
