How to prevent passphrase caching in 2.1

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Nov 23 18:24:13 CET 2016


On Wed 2016-11-23 03:46:57 -0500, Carola Grunwald wrote:
> With GnuPG 1.4 I had no agent. And, in case it is, I've no idea why with
> 2.x such a passphrase cache with all its risks has to be mandatory.

in 2.0, the agent is a passphrase cache.  in 2.1, the agent is a proper
cryptographic agent, which does not release any secret key material to
the calling process.  This isolation actually offers reduced risks in
the contexts in which gpg is expected to be invoked (by a single user,
who is managing their own keys).

that said, i understand why it doesn't meet your needs.  unfortunately,
you're using these tools in a framework in which they generally weren't
expected to be used.

You've said already that you don't want to run a different gpg-agent for
each user account that is currently authenticated to your server.  can i
ask why not?  the agent is a pretty lightweight process, and setting one
up on login and tearing it down on shutdown seems like it could be a
fairly convenient approach.

Regards,

    --dkg
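As an added example (not part of dkg's message, nor code from the GnuPG project), a sketch of the per-user agent lifecycle he suggests: a private GNUPGHOME for each authenticated user, an agent launched on login and killed on logout with gpgconf, and a per-user cache TTL so that a passphrase is never held longer than that user's policy allows. The AGENT_ROOT directory and the function names are assumptions.

```shell
#!/bin/sh
# Added example: one isolated gpg-agent per authenticated user.
# Assumes GnuPG 2.1 (gpgconf --launch / --kill) and a constructed
# per-user directory layout under $AGENT_ROOT.
set -eu

AGENT_ROOT="${AGENT_ROOT:-/var/lib/pgp-sessions}"   # assumed path

# Create a private GNUPGHOME for one user and cap how long its agent
# may keep a passphrase cached (seconds). Only files are written here,
# so this step does not need gpg installed.
setup_user_gnupg() {
    user="$1"; ttl="$2"
    home="$AGENT_ROOT/$user"
    mkdir -p "$home"
    chmod 700 "$home"        # gpg warns on unsafe directory permissions
    cat > "$home/gpg-agent.conf" <<EOF
default-cache-ttl $ttl
max-cache-ttl $ttl
EOF
    printf '%s\n' "$home"
}

# On login: start an agent bound to that user's GNUPGHOME. gpgconf
# reads gpg-agent.conf from there, so the TTL applies only to this
# user's agent, and no other user's process can talk to it.
start_user_agent() {
    GNUPGHOME="$AGENT_ROOT/$1" gpgconf --launch gpg-agent
}

# On logout: kill that agent, which drops every passphrase it cached.
stop_user_agent() {
    GNUPGHOME="$AGENT_ROOT/$1" gpgconf --kill gpg-agent
}

# Helper for audits: report the cache TTL configured for a user.
user_cache_ttl() {
    sed -n 's/^default-cache-ttl //p' "$AGENT_ROOT/$1/gpg-agent.conf"
}
```

Call `setup_user_gnupg` once per account and hook `start_user_agent`/`stop_user_agent` into the server's login and logout handling.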

