SSH generic socket forwarding for gpg-agent

Werner Koch wk at
Sat Feb 14 14:28:19 CET 2015

On Fri, 13 Feb 2015 23:23, dkg at said:

> Encouraging this kind of use seems risky.  I certainly wouldn't want to
> do it without being able to have gpg-agent prompt me on my local machine
> for each use of the key.  Its current silent operation once the

Similar to smartcards, this feature protects against key
compromise but not against misuse of the key.

> Could gpg-agent have a setting (per-key? per-agent?) that would have it
> use pinentry for prompting?

Good idea.  We can disable the cache in this case by default and allow
it only by option - either for all keys or (with a bit more code) for a
selected set of keys.



Thoughts are free.  Exceptions are regulated by a federal law.
