invalid gpg key revocation

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Mar 6 00:23:38 CET 2012


On 03/05/2012 04:36 PM, Ingo Klöcker wrote:

> 4. He has left his laptop unlocked and unattended for a very short 
> period of time and he is using gpg-agent with a cache-ttl > 0.
> 
> I have verified that one can generate a revocation certificate without 
> entering a passphrase if one has previously signed something (e.g. an 
> email). So, it was probably just a very nasty prank.

as pranks involving compromise of the secret key go, this is the
least-nasty prank i can think of.

> Maybe gpg shouldn't use the cached signing passphrase (or any cached 
> passphrase) for generating a revocation certificate.

But it's ok to use the cached signing passphrase for making bogus
identity certifications?  For signing ersatz love letters?

What's to stop the malefactor from just querying the passphrase directly
out of gpg-agent and absconding with both it and the secret key material
to do whatever they want later?

I don't think making the proposed limitation is a helpful one.

	--dkg
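
The scenario quoted above depends on gpg-agent caching the passphrase (cache-ttl > 0). The following is an added example, not part of the original message or of GnuPG: a small Python audit that reads the text of a gpg-agent.conf and reports how long an unlocked session could use the key without a prompt. The option names are real gpg-agent options; the function names and sample files are hypothetical and constructed for illustration.

```python
# Added example (not from the thread): audit gpg-agent.conf cache settings.
# 600 s and 7200 s are gpg-agent's documented defaults.
DEFAULTS = {"default-cache-ttl": 600, "max-cache-ttl": 7200}

def parse_agent_conf(text):
    """Return the effective cache options from gpg-agent.conf contents."""
    conf = dict(DEFAULTS, **{"ignore-cache-for-signing": False})
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # whole-line comments only
            continue
        parts = line.split(None, 1)
        key = parts[0]
        if key == "ignore-cache-for-signing":
            conf[key] = True
        elif key in DEFAULTS and len(parts) == 2:
            try:
                conf[key] = max(0, int(parts[1]))
            except ValueError:
                pass                           # keep previous value on bad input
    return conf

def audit(text):
    """Return (idle_window_seconds, findings) for one gpg-agent.conf."""
    conf = parse_agent_conf(text)
    # An entry expires default-cache-ttl seconds after its last use and never
    # outlives max-cache-ttl, so the smaller value bounds the unattended window.
    # Assumption: a TTL of 0 is treated as "caching off".
    idle = min(conf["default-cache-ttl"], conf["max-cache-ttl"])
    findings = []
    if idle > 0:
        findings.append(f"passphrase usable without prompt for up to {idle}s "
                        f"after last use (hard limit {conf['max-cache-ttl']}s)")
        if not conf["ignore-cache-for-signing"]:
            findings.append("signing operations reuse the cached passphrase")
    return idle, findings

# Constructed sample files, not taken from any real system.
LONG_CACHE = """\
# keep the passphrase around all day
default-cache-ttl 28800
max-cache-ttl 28800
"""
NO_CACHE = "default-cache-ttl 0\nmax-cache-ttl 0\n"

if __name__ == "__main__":
    for name, text in (("long", LONG_CACHE), ("none", NO_CACHE), ("defaults", "")):
        print(name, audit(text))
```
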


