Thoughts on GnuPG and automation
Brian Minton
brian at minton.name
Tue Mar 3 16:23:13 CET 2015
It breaks mailpile because gpg-agent is not session aware. A user could
be logged in locally, using mailpile, and a remote attacker could access
the web interface of that locally running mailpile instance, which, since
it is talking to the same gpg-agent, would think the remote user is
logged in (or more precisely, has the private key).

I think that one solution would be to have mailpile use a per-session
gpg home dir.
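
A sketch of the per-session home directory idea from the message above, as an added example that is not part of the original post and is not Mailpile's code. The class names, the session ids and the logout hook are hypothetical; it relies only on gpg-agent being tied to one home directory, so each session gets its own agent and passphrase cache.

```python
import os
import shutil
import subprocess
import tempfile


class SessionGnupgHome:
    """One private GnuPG home directory (hence one gpg-agent) per web session."""

    def __init__(self, base_dir=None):
        # mkdtemp creates the directory with mode 0700, as gpg expects.
        # The keyring starts empty: the session must import or unlock its
        # own key, so nothing cached for another session is reachable here.
        self.path = tempfile.mkdtemp(prefix="gpg-session-", dir=base_dir)

    def env(self):
        """Environment for gpg child processes belonging to this session."""
        env = dict(os.environ)
        env["GNUPGHOME"] = self.path
        # Older GnuPG locates the agent through this variable; drop the one
        # inherited from the desktop login so the shared agent is never used.
        env.pop("GPG_AGENT_INFO", None)
        return env

    def gpg_argv(self, *args):
        """Command line that pins gpg to this session's home directory."""
        return ["gpg", "--homedir", self.path, "--batch", *args]

    def close(self):
        """On logout or expiry: stop this session's agent, wipe its home."""
        if shutil.which("gpgconf"):
            try:
                subprocess.run(["gpgconf", "--kill", "gpg-agent"],
                               env=self.env(), capture_output=True, timeout=10)
            except (OSError, subprocess.SubprocessError):
                pass  # best effort; the directory is removed regardless
        shutil.rmtree(self.path, ignore_errors=True)


class SessionRegistry:
    """Maps server-issued session ids (hypothetical) to their GnuPG homes."""

    def __init__(self):
        self._homes = {}

    def home_for(self, session_id):
        if session_id not in self._homes:
            self._homes[session_id] = SessionGnupgHome()
        return self._homes[session_id]

    def logout(self, session_id):
        home = self._homes.pop(session_id, None)
        if home is not None:
            home.close()
```
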