How to prevent passphrase caching in 2.1

Peter Lebbing peter at digitalbrains.com
Tue Nov 22 19:44:20 CET 2016


On 22/11/16 17:20, Carola Grunwald wrote:
> They don't have any system account at all. These are users of a
> messaging system, only allowed to access its POP3, SMTP and NNTP
> service.

Perhaps 1.4 is the best release for you... you'll miss out on Elliptic
Curve, but other than that, it's still a supported release.

> They don't have direct access to any key. Nevertheless by using someone
> else's cached passphrase with 2.1 and its all-embracing keyring they may
> succeed in decoding data not meant for them.

Perhaps you should implement access control in your frontend, instead of
asking the agent to perform access control, for which it was not
intended, AFAIK. It sounds like you just want the ability to work with
OpenPGP material, rather than the user-centric model the agent seems to
correspond to. When GnuPG gives you a square peg, you'll have to build
your own adapter before it fits in a round hole ;).

By the way, I'm not recommending anything (this in response to your "do
you seriously recommend..."). I know nothing about your application or
what you demand of it. I'm merely trying to give you directions to look
in, while you search for the correct architecture of your application.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
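
One way a frontend could enforce this itself, as an added example that is not part of the original message or of GnuPG: before handing a message to gpg, compare the recipient key IDs in gpg's `ENC_TO` status lines with the keys the authenticated account is allowed to use, so that another user's cached passphrase never comes into play. The ACL, account names, key IDs and status lines are constructed for illustration.

```python
import re

# Constructed ACL: messaging account -> long key IDs of the encryption
# (sub)keys that account may decrypt with. All values are illustrative.
ACL = {
    "alice": {"1111111111111111"},
    "bob": {"2222222222222222"},
}

# All-zero key ID: a hidden recipient, for which gpg tries every secret key.
HIDDEN = "0000000000000000"

ENC_TO = re.compile(r"^\[GNUPG:\] ENC_TO ([0-9A-Fa-f]{16})\b", re.M)


def recipients(status_output):
    """Key IDs named in the ENC_TO lines gpg wrote to --status-fd."""
    return {keyid.upper() for keyid in ENC_TO.findall(status_output)}


def may_decrypt(user, status_output, acl=ACL):
    """Decide in the frontend, before gpg is asked to decrypt anything."""
    rcpts = recipients(status_output)
    if not rcpts or HIDDEN in rcpts:
        return False  # nothing to match on, or the recipient cannot be checked
    return bool(rcpts & acl.get(user, set()))


# Constructed status output for three messages.
TO_BOB = "[GNUPG:] ENC_TO 2222222222222222 1 0\n"
TO_BOTH = TO_BOB + "[GNUPG:] ENC_TO 1111111111111111 1 0\n"
TO_HIDDEN = "[GNUPG:] ENC_TO 0000000000000000 1 0\n"

if __name__ == "__main__":
    samples = [("TO_BOB", TO_BOB), ("TO_BOTH", TO_BOTH), ("TO_HIDDEN", TO_HIDDEN)]
    for name, status in samples:
        for user in ("alice", "bob"):
            print(name, user, may_decrypt(user, status))
```
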


