Is gpg-agent passphrase status query possible?
Werner Koch
wk at gnupg.org
Fri Oct 31 08:48:35 CET 2014
On Fri, 31 Oct 2014 06:51, ml at sudhirkhanger.com said:
> It prints the GPG passphrase in plain text. Is the password cached in plain
> text?
Catch-22. How would you protect the key used to decrypt the cache?
Actually, the content of the passphrase cache is stored encrypted in RAM,
but the key for that is stored in RAM too:
/* The encryption context. This is the only place where the
   encryption key for all cached entries is available. It would be nice
   to keep this (or just the key) in some hardware device, for example
   a TPM. Libgcrypt could be extended to provide such a service.
   With the current scheme it is easy to retrieve the cached entries
   if access to Libgcrypt's memory is available. The encryption
   merely avoids grepping for clear texts in the memory. Nevertheless
   the encryption provides the necessary infrastructure to make it
   more secure. */
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are governed by a federal law.
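The trade-off Werner describes, as an added example in Go (an editor's illustration, not gpg-agent's or Libgcrypt's code): a cache whose entries are sealed with AES-GCM under a key that sits in the same process memory as the entries. The cipher choice, the names `PassphraseCache`, `MemoryImage` and `RecoverFromImage`, the sample keygrip and passphrase, and the gob layout of the simulated memory image are all assumptions of this example. The two checks in `main` are the point of the message: the encryption hides the passphrase from a plain scan of memory, but not from anyone who can read the key stored beside it.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/gob"
	"fmt"
)

// keySize selects AES-256; AES-GCM is this example's choice, not gpg-agent's known cipher.
const keySize = 32

// PassphraseCache mirrors the design in the message: entries are stored encrypted,
// and the one key for all of them lives in the same process memory as the entries.
type PassphraseCache struct {
	key     []byte            // the "encryption context": the only copy of the key, in RAM
	entries map[string][]byte // keygrip -> nonce || ciphertext
}

// randomBytes panics on failure: a CSPRNG failure is not recoverable here.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func NewPassphraseCache() *PassphraseCache {
	return &PassphraseCache{key: randomBytes(keySize), entries: make(map[string][]byte)}
}

func aeadFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // cannot happen: keySize is a valid AES key length
	}
	aead, _ := cipher.NewGCM(block) // NewGCM only fails for a non-16-byte block size
	return aead
}

// Put seals the passphrase under the cache key, binding the keygrip as associated data.
func (c *PassphraseCache) Put(keygrip string, passphrase []byte) {
	aead := aeadFor(c.key)
	nonce := randomBytes(aead.NonceSize())
	c.entries[keygrip] = aead.Seal(nonce, nonce, passphrase, []byte(keygrip))
}

func openEntry(key []byte, keygrip string, blob []byte) ([]byte, error) {
	aead := aeadFor(key)
	if ns := aead.NonceSize(); len(blob) >= ns {
		return aead.Open(nil, blob[:ns], blob[ns:], []byte(keygrip))
	}
	return nil, fmt.Errorf("no usable entry for %s", keygrip)
}

// Get is the agent's normal lookup path: decrypt with the key held in RAM.
func (c *PassphraseCache) Get(keygrip string) ([]byte, error) {
	return openEntry(c.key, keygrip, c.entries[keygrip])
}

// MemoryImage is a constructed stand-in for a process memory dump: the raw key followed
// by the gob-encoded entries. A real dump is a whole address space; the properties hold there too.
func (c *PassphraseCache) MemoryImage() []byte {
	var buf bytes.Buffer
	buf.Write(c.key)
	if err := gob.NewEncoder(&buf).Encode(c.entries); err != nil {
		panic(err) // a map[string][]byte always encodes
	}
	return buf.Bytes()
}

// RecoverFromImage is the Catch-22 in the message: whoever can read the image
// also holds the key, so every entry opens without the agent's help.
func RecoverFromImage(image []byte, keygrip string) ([]byte, error) {
	if len(image) < keySize {
		return nil, fmt.Errorf("image shorter than the key")
	}
	var entries map[string][]byte
	if err := gob.NewDecoder(bytes.NewReader(image[keySize:])).Decode(&entries); err != nil {
		return nil, err
	}
	return openEntry(image[:keySize], keygrip, entries[keygrip])
}

func main() {
	cache := NewPassphraseCache()
	pass := []byte("correct horse battery staple") // constructed sample passphrase
	cache.Put("KEYGRIP-EXAMPLE", pass)
	img := cache.MemoryImage()
	// Property 1: the encryption defeats a plain scan for the clear text.
	fmt.Println("passphrase visible to a plain scan:", bytes.Contains(img, pass)) // false
	// Property 2: the key is in the same image, so the entry opens anyway.
	got, err := RecoverFromImage(img, "KEYGRIP-EXAMPLE")
	fmt.Println("opened with the co-located key:", err == nil && bytes.Equal(got, pass)) // true
}
```

Run it with `go run`. The change that would flip the second result is the one the source comment names: keeping the key in a device such as a TPM, so that the memory image no longer contains everything needed to open the entries.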