automatically add the passphrase for other (sub)keys of the same certificate
Hauke Laging
mailinglisten at hauke-laging.de
Wed Aug 13 04:03:13 CEST 2014
Hello,
I just got more familiar with gpg-agent and had the idea that it might
be nice (i.e. in this case: I should be capable of doing that myself) to
have a background process which notices that gpg-agent has a new
passphrase in it's cache. This process could determine the certificate
to which this passphrase belongs and check whether it has more keys. If
so (and they are not blacklisted in the configuration of this helper
program) then the passphrase could be added for these other keys. That
should not be a problem at least as long as GnuPG does not allow to set
different passphrases for different certificate components. Most users I
see don't accept that they have to enter the passphrase twice for "the
same" key.
My question:
Is this maybe a bad idea for reasons I don't see?
I noticed one problem: This process would have to take precautions so
that the caching time is not affected (if the user gives the passphrase
for key A and the process adds it for key B then it may not add it for
key A, too, if it has expired but not yet expired for B).
Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20140813/2f9f53a7/attachment.sig>
More information about the Gnupg-users
mailing list