SSH generic socket forwarding for gpg-agent

Werner Koch wk at gnupg.org
Sat Feb 14 14:28:19 CET 2015


On Fri, 13 Feb 2015 23:23, dkg at fifthhorseman.net said:

> Encouraging this kind of use seems risky.  I certainly wouldn't want to
> do it without being able to have gpg-agent prompt me on my local machine
> for each use of the key.  Its current silent operation once the

As with smartcards, this feature protects against key
compromise but not against misuse of the key.

> Could gpg-agent have a setting (per-key? per-agent?) that would have it
> use pinentry for prompting?

Good idea.  We can disable the cache in this case by default and allow
it only by option - either for all keys or (with a bit more code) for a
selected set of keys.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



