Hibernation and secret keys

Werner Koch wk at gnupg.org
Tue Jun 23 18:00:23 CEST 2009


On Tue, 23 Jun 2009 16:55, dshaw at jabberwocky.com said:

> If possible, I'd also add a pause for running gpg processes to exit to
> cover a small race condition.  Even if the passphrase cache is wiped,
> if there is a running gpg process at suspend time, secret material
> could still be caught in the hibernation data.  GPG does wipe its

That is right.

With 2.1 we will change that so that only the gpg-agent performs any
private key operations and the gpg2 processes care only about session
keys.  The latter is not really problematic given that the plaintext is
usually also in RAM and thus a lower hanging fruit.  (gpgsm already
works like this).


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.




More information about the Gnupg-users mailing list