How to prevent passphrase caching in 2.1
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Nov 22 21:09:46 CET 2016
On Tue 2016-11-22 11:20:26 -0500, Carola Grunwald wrote:
> They don't have direct access to any key. Nevertheless by using someone
> else's cached passphrase with 2.1 and its all-embracing keyring they may
> succeed in decoding data not meant for them.
fwiw, the same concerns hold for a shared gpg-agent passphrase-cache
from pre-2.1 versions of gpg as well, right?
your model sounds like it needs to use a separate agent per user,
regardless of which version of the agent you're using.
--dkg
More information about the Gnupg-users
mailing list