preventing gpg-agent from storing a symmetric encryption key

Ken Kundert admin at shalmirane.com
Sun Jan 4 05:30:53 CET 2015


All,
    Is there a way of preventing the agent from storing a symmetric encryption 
key?

I am writing a password generation program. The main password database will be 
encrypted with my private key and the passphrase to that key will be kept in 
gpg-agent so I don't have to retype this long passphrase every time I need one 
of my passwords.  But I worry that someone might gain access to my console while 
the agent has my passphrase, so I would like to encrypt my passwords a second time 
with a short password. The idea is that most of the protection comes from the private 
key, but once that is unlocked anyone that gained access to the console would 
still have to know the short secondary password. Unfortunately, this plan is 
defeated if gpg-agent also saves the secondary password. So, I am looking for 
a command line option that I can use when doing the second level decrypt to 
prevent those short secondary passwords from being saved in the agent.

-Ken


