preventing gpg-agent from storing a symmetric encryption key

Ken Kundert admin at shalmirane.com
Mon Jan 5 10:51:55 CET 2015


Hi Doug.
    I am aware of the ability to set inactivity timeouts and to clear the entire 
agent.  And I still believe I can use this feature.

What I have noticed about myself is that I will walk away from my keyboard 
without locking the screen. I just forget to do it. I have been trying to change 
this behavior for the last few years, and yet I still do it. Now, the screen 
locks itself after 10 to 15 minutes, so that is my window of vulnerability.  
Unless I set the gpg-agent inactivity time-out to no more than a minute or two, 
it is not going to help this situation much.  However, I cannot bear to set the 
time-out that short because it would effectively be like turning off the agent 
altogether. That is problematic for me because I use long passphrases.

So my thought is to double encrypt my secrets, once with my private key that is 
protected with a long XKCD-style passphrase and once with a symmetric cipher 
with a relatively short password, and keep the passphrase in gpg-agent but not 
the password. Use of the private key with the long passphrase protects me in 
case someone steals both the private key and the ciphertext and mounts an 
automated attack.  The short passwords are there to protect me if someone sits 
down at my keyboard while I am at lunch.  Here the chance of an automated attack 
is much lower, and so a short, easy-to-type password should be sufficient in most 
cases.

Anyway, that is what I would like to do. I think I can do it with the original 
GPG, but I was hoping to use GPG2.

As an aside, after switching to a longer XKCD-style passphrase a few years ago 
I came to realize that most security programs inadvertently discourage the use 
of long passphrases. Probably 99% of the time that I type a passphrase I am 
alone, so obscuring the passphrase provides little value. But the longer the 
passphrase you have, the more chance you are going to have a typo, and with the 
passphrase obscured you cannot see it or correct it. Thus, in my experience, 
obscuring the passphrase largely limits me to using about 4 words; anything 
longer than that and I find myself in seemingly endless passphrase entry loops.  
Pinentry suffers from this problem. I would like to suggest that a button be 
added to pinentry that un-obscures the passphrase.

So those are my two suggestions:
1. reactivate the --no-use-agent command line option in gpg2
2. add an 'unobscure passphrase' button to pinentry.

I love gpg, and I use it heavily. Thank you to all that contribute to it.

-Ken


On Mon, Jan 05, 2015 at 12:08:35AM -0800, Doug Barton wrote:
> FYI, what you want to do doesn't make sense. :)
> 
> You should read the man page, and learn about inactivity timeouts for
> gpg-agent. Also, you can wipe the agent altogether quite easily.
> 
> Your concern about people gaining access to the console is well founded, but
> there are better solutions already available to you.
> 
> Doug
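The two-layer scheme Ken describes, as an added example that is not part of the original thread: the inner layer is public-key encryption whose long private-key passphrase gpg-agent may cache, and the outer layer is a symmetric cipher with a short password that is kept out of the agent's cache. It assumes GnuPG 2.2.7 or later, whose --no-symkey-cache option (added after this 2015 post) disables the symmetric passphrase cache; the user id, passphrases and secret file are constructed, and the script works in a throwaway keyring.

```shell
#!/bin/sh
# Added example (not from the thread). Inner layer: public-key encryption,
# whose long passphrase the agent may cache. Outer layer: symmetric cipher
# with a short password that must never be cached, hence --no-symkey-cache.
# Assumes GnuPG 2.2.7+; user id, passphrases and the secret are constructed.
set -eu

if ! command -v gpg >/dev/null 2>&1 || ! gpg --dump-options | grep -qx -- --no-symkey-cache; then
    echo "needs GnuPG 2.2.7+ (no --no-symkey-cache found); nothing to demonstrate" >&2
    exit 0
fi

# Throwaway keyring so the example never touches the real ~/.gnupg.
GNUPGHOME=$(mktemp -d); export GNUPGHOME
trap 'gpgconf --kill gpg-agent >/dev/null 2>&1 || true; rm -rf "$GNUPGHOME"' EXIT

USERID='Ken Example (constructed) <ken@example.invalid>'
LONG_PP='correct horse battery staple bicycle'   # constructed XKCD-style passphrase
SHORT_PW='lunch'                                 # constructed short, easy-to-type password

# Batch key generation; the long passphrase is fed through loopback pinentry.
gpg --batch --quiet --pinentry-mode loopback --passphrase "$LONG_PP" \
    --quick-gen-key "$USERID" default default never

# encrypt_layered PLAINFILE RECIPIENT SHORTPW OUTFILE
encrypt_layered() {
    gpg --batch --quiet --yes --trust-model always --recipient "$2" \
        --encrypt --output - "$1" |
    gpg --batch --quiet --yes --no-symkey-cache --pinentry-mode loopback \
        --passphrase "$3" --symmetric --output "$4"
}

# decrypt_layered CIPHERFILE SHORTPW LONGPP -> plaintext on stdout.
# The outer (symmetric) step again passes --no-symkey-cache so the short
# password is never stored in gpg-agent; only the inner key passphrase may be.
decrypt_layered() {
    gpg --batch --quiet --no-symkey-cache --pinentry-mode loopback \
        --passphrase "$2" --decrypt "$1" |
    gpg --batch --quiet --pinentry-mode loopback --passphrase "$3" --decrypt
}

PLAIN='account: example / password: hunter2 (constructed secret)'
printf '%s\n' "$PLAIN" > "$GNUPGHOME/secret.txt"
encrypt_layered "$GNUPGHOME/secret.txt" "$USERID" "$SHORT_PW" "$GNUPGHOME/secret.gpg"

if [ "$(decrypt_layered "$GNUPGHOME/secret.gpg" "$SHORT_PW" "$LONG_PP")" = "$PLAIN" ]; then
    echo "round trip ok: both layers peeled"
else
    echo "round trip FAILED" >&2; exit 1
fi
```

Someone at the unlocked keyboard still needs the short password for the outer layer, and an attacker with the ciphertext and private key still needs the long passphrase for the inner one.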
