SSH generic socket forwarding for gpg-agent
Werner Koch
wk at gnupg.org
Sat Feb 14 14:28:19 CET 2015
On Fri, 13 Feb 2015 23:23, dkg at fifthhorseman.net said:
> Encouraging this kind of use seems risky. I certainly wouldn't want to
> do it without being able to have gpg-agent prompt me on my local machine
> for each use of the key. Its current silent operation once the
Similar to smartcards, this feature protects against key
compromise but not against misuse of the key.
> Could gpg-agent have a setting (per-key? per-agent?) that would have it
> use pinentry for prompting?
Good idea. We can disable the cache in this case by default and allow
it only by option - either for all keys or (with a bit more code) for a
selected set of keys.
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.