Hibernation and secret keys

David Shaw dshaw at jabberwocky.com
Tue Jun 23 16:55:31 CEST 2009


On Jun 23, 2009, at 7:28 AM, Werner Koch wrote:

> On Sun, 21 Jun 2009 00:10, t.eden at yahoo.com said:
>
>> So, here is the question: Is it possible to secure gpg (or PGP or
>> TrueCrypt for that matter) on a Windows system?
>
> If you have the ability to run a program if hibernation kicks in, you
> may want to run:
>
>  gpgconf --reload gpg-agent
>
> That deletes the passphrase cache. I assume that you are using a recent
> version of gnupg2.

If possible, I'd also add a pause for running gpg processes to exit to
cover a small race condition.  Even if the passphrase cache is wiped,
if there is a running gpg process at suspend time, secret material
could still be caught in the hibernation data.  GPG does wipe its
memory for things like session keys (to the limit that such things can
be done in software), but the process has to complete for the wipe to
happen.

David
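The two steps from this thread (give running gpg processes a bounded window to exit, then reload gpg-agent to drop the passphrase cache) as a pre-hibernation hook. This is an added example, not code from the thread or from GnuPG; it assumes a POSIX shell with `pgrep` (on Windows the same two steps would use the platform's process listing), and the script name `pre-hibernate.sh` and the 10-second bound are assumptions.

```shell
#!/bin/sh
# pre-hibernate.sh (assumed name): run by the suspend/hibernate machinery
# before the RAM image is written out.
#  1. Wait (bounded) for gpg/gpg2 processes to finish, so their own memory
#     wipe has run before memory is dumped to disk.
#  2. Reload gpg-agent, which discards the cached passphrases.

WAIT_SECONDS=10   # assumed upper bound; never block hibernation forever

# gpg_running: status 0 while any process named gpg or gpg2 exists.
gpg_running() {
    pgrep -x 'gpg2?' >/dev/null 2>&1
}

# wait_for_exit PROBE TIMEOUT: poll PROBE (a command that returns 0 while
# something is still running) once per second for at most TIMEOUT seconds.
# Returns 0 once PROBE reports nothing running, 1 on timeout.
wait_for_exit() {
    probe=$1
    timeout=$2
    elapsed=0
    while "$probe"; do
        if [ "$elapsed" -ge "$timeout" ]; then
            return 1
        fi
        sleep 1
        elapsed=$((elapsed + 1))
    done
    return 0
}

# clear_passphrase_cache: the step Werner's reply gives.
clear_passphrase_cache() {
    gpgconf --reload gpg-agent
}

pre_hibernate() {
    if wait_for_exit gpg_running "$WAIT_SECONDS"; then
        echo "no gpg process running; clearing passphrase cache"
    else
        # The race David describes is still open here; log it rather than
        # refuse to hibernate, but clear the cache regardless.
        echo "gpg still running after ${WAIT_SECONDS}s; cache cleared anyway" >&2
    fi
    clear_passphrase_cache
}

# Only act when executed as the hook itself, not when sourced.
case "$0" in
    pre-hibernate.sh|*/pre-hibernate.sh) pre_hibernate ;;
esac
```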
More information about the Gnupg-users mailing list