Confirmation for cached passphrases useful?

Robert J. Hansen rjh at
Fri Oct 15 21:36:51 CEST 2010

On 10/15/10 2:49 PM, Jameson Rollins wrote:
> Without use confirmation in the agent, a malicious program running under
> your account could access your secret key without you knowing it.

This can still happen with a confirmation prompt.  Confirmation cannot
protect against malware running under your account.  If the agent pops
up a dialog box, then all I have to do is intercept the dialog box and
answer 'yes.'

More information about the Gnupg-users mailing list