Where to save passphrases?

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Sat Jul 26 15:23:36 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Saturday 26 July 2014 at 9:19:52 AM, in
<mid:CAPJdnyKaWgW6-ewWvwtbkTtcOscUfh3iQhwfcN0FUNUUXkSmSg at mail.gmail.com>,
Sudhir Khanger wrote:


> Is using some single-sign-on method, like keychain or
> pam, to keep gpg passphrase cached in gpg-agent for the
> length of user session, so that one doesn't have to
> enter gpg key passphrase every time one is sending an
> email, considered a common practice? Or does that again
> fall in risky behavior category?


I would think that caching passphrase, whether for the whole session
or for a set time period, is probably a common practice. Whether it is
"risky" depends on your threat model.

For instance, if you are in an open-plan office, is the risk greater
that you will not always lock your computer when you pop away from
your desk, or that you may be overlooked when typing your passphrase?



- --
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

Take my advice - I don't use it anyway.
-----BEGIN PGP SIGNATURE-----

iPQEAQEKAF4FAlPTq+FXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0
N0VDQTAzAAoJEKipC46tDG5pdd4D/AgRdTUmcYA+G3KKvu4OpwsO4R4y8oUXQYoV
pt2JNDLRRKkruOaJr1bhodV/glkiDYitiJZEr4yaGunQ5bbAQTBbFYFd24atWn9O
vzxzsOAQaWwARVpn9xxiw0kkrItq3Hsk7mmAJqIf10OyJLtDnu4NxJJO0bpvpI/Z
XOU9Xi5B
=w8us
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list