How to prevent passphrase caching in 2.1

Carola Grunwald caro at
Tue Nov 22 17:20:26 CET 2016

Peter Lebbing <peter at> wrote:

>On 21/11/16 15:20, Carola Grunwald wrote:
>> As for each single decryption task only a defined passphrase is
>> allowed to be used it's essential to have caching, which implicates
>> the risk of unauthorized passphrase usage, strictly deactivated.
>Why do you lump these users together? At a first glance it seems more
>logical that they have separate system accounts, or at the least
>separate GnuPG homedirs (and hence agents).

They don't have any system account at all. These are users of a
messaging system, only allowed to access its POP3, SMTP and NNTP

>They shouldn't even have access to the encrypted private key in the
>first place.

They don't have direct access to any key. Nevertheless by using someone
else's cached passphrase with 2.1 and its all-embracing keyring they may
succeed in decoding data not meant for them.

Kind regards


More information about the Gnupg-users mailing list