Re: Extraction of decryption session key without copying complete encrypted file
Roman.Fiedler at ait.ac.at
Fri Aug 4 14:36:12 CEST 2017
> From: Werner Koch [mailto:wk at gnupg.org]
> On Wed, 2 Aug 2017 15:52, Roman.Fiedler at ait.ac.at said:
> > How to decrypt large files, e.g. gpg-encrypted backups, without
> > copying them to the machine with the GPG private key?
> With GnuPG 2.1 this is easy: You use ssh's socket forwarding feature to
> forward gpg-agent's restricted remote socket, for example
> to the host and there you run gpg which will then connect back to the
> agent on your desktop. For details see
Ah, that's great - and actually the first nice gpg-agent feature apart from
gpg-agent being a little annoying when running it on RAM-disks in early boot.
The agent forwarding guide from above is fine, should be easy to implement.
Just one more question: how do I restrict the private key lifetime within the
agent or the number of agent requests before password repeat is needed? Best
would be 0 seconds (agent should ask for passphrase every time a key is
requested), but I could also live with something below 60sec.
What's the best way to implement that? I did not find a gpg option by myself.
If none available, I guess it might be possible to find some value for
RLIMIT_CPU, that would kill the agent process when attempting to do another
More information about the Gnupg-users