Is gpg-agent passphrase status query possible?

Cpp tzornik at gmail.com
Sun Nov 2 09:42:00 CET 2014


Hello

I see that command will print out the passphrase in clear text. Is
this secure to use just like that? I mean what's the chance the
passphrase gets siphoned by some other app during the parsing?
Basically I'm only interested in whether the passphrase is present or
not, not the actual passphrase itself. The exit status code of
gpg-connect-agent does not seem to reflect the passphrase status.

Regards!

On 10/31/14, Hauke Laging <mailinglisten at hauke-laging.de> wrote:
> On Thu 30.10.2014, 23:14:12, Cpp wrote:
>
>> Is there a way to "query" gpg-agent to
>> see whether a correct passphrase has been recently entered for a
>> particular secret key, and has not yet been forgotten?
>
> Yes and no.
>
> There is an easy way to find out whether a certain passphrase (make sure
> to distinguish between mainkey and subkeys!) is currently known to gpg-
> agent:
>
> : gpg-connect-agent "GET_PASSPHRASE --data --no-ask
> 4F7E9F723D197D667842AE115F048E6F0E4B4494 t1 t2 t3" /bye
> D fubar
> OK
>
> But that doesn't tell you for how long gpg-agent will cache it yet. It
> may be that the passphrase has just been deleted from the cache even if
> you use the key immediately afterwards.
>
>
> If you know for sure for how long the entries are cached then you may
> write a small "daemon" which checks for the passphrases every few
> seconds. Then it knows with reasonable precision when a passphrase was
> added to the cache and can calculate when it will be dropped.
>
>
> Hauke
> --
> Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
> http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
> OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
>
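
As an added example (not from either poster and not GnuPG's own code), these shell functions turn the agent's reply into an exit status without ever printing the `D` line. The function names are hypothetical, and the `KEYINFO` variant assumes an agent that implements that command and is given the key's keygrip.

```shell
#!/bin/sh
# Exit status only: 0 = cached, 1 = not cached, 2 = unusable input/reply.

# Classify a "GET_PASSPHRASE --data --no-ask" reply read from stdin.
# The "D <passphrase>" line is matched but never printed or stored.
reply_says_cached() {
    awk '
        /^D /   { found = 1 }   # data line: the passphrase is in the cache
        /^ERR / { err = 1 }     # with --no-ask a cache miss is an error
        END     { if (found) exit 0; if (err) exit 1; exit 2 }
    '
}

# Classify a "KEYINFO <keygrip>" reply read from stdin. Field 7 of the
# "S KEYINFO" status line is "1" when cached and "-" when not, so the
# passphrase itself never leaves the agent.
keyinfo_says_cached() {
    awk '
        $1 == "S" && $2 == "KEYINFO" { seen = 1; if ($7 == "1") hit = 1 }
        END { if (hit) exit 0; if (seen) exit 1; exit 2 }
    '
}

# Accept only plain hex so nothing else reaches the agent command line.
is_hex_id() {
    case "$1" in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    return 0
}

# $1 = cache id as used in the GET_PASSPHRASE command quoted above
passphrase_cached() {
    is_hex_id "$1" || return 2
    gpg-connect-agent "GET_PASSPHRASE --data --no-ask $1 t1 t2 t3" /bye \
        2>/dev/null | reply_says_cached
}

# $1 = keygrip of the (sub)key; assumes the agent implements KEYINFO
key_cached() {
    is_hex_id "$1" || return 2
    gpg-connect-agent "KEYINFO $1" /bye 2>/dev/null | keyinfo_says_cached
}
```

With `passphrase_cached` the passphrase still crosses the agent socket and the pipe before awk discards it; `key_cached` only ever receives the status flag.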


