How to prevent passphrase caching in 2.1
caro at nymph.paranoici.org
Tue Nov 22 17:20:26 CET 2016
Peter Lebbing <peter at digitalbrains.com> wrote:

>On 21/11/16 15:20, Carola Grunwald wrote:
>> As for each single decryption task only a defined passphrase is
>> allowed to be used it's essential to have caching, which implicates
>> the risk of unauthorized passphrase usage, strictly deactivated.

>Why do you lump these users together? At a first glance it seems more
>logical that they have separate system accounts, or at the least
>separate GnuPG homedirs (and hence agents).

They don't have any system account at all. These are users of a
messaging system, only allowed to access its POP3, SMTP and NNTP

>They shouldn't even have access to the encrypted private key in the

They don't have direct access to any key. Nevertheless by using someone
else's cached passphrase with 2.1 and its all-embracing keyring they may
succeed in decoding data not meant for them.