Extraction of decryption session key without copying complete encrypted file

Matthias Apitz guru at unixarea.de
Fri Aug 4 15:39:18 CEST 2017

El día viernes, agosto 04, 2017 a las 01:59:57p. m. +0200, Werner Koch escribió:

> On Wed,  2 Aug 2017 15:52, Roman.Fiedler at ait.ac.at said:
> > How to decrypt large files, e.g. gpg-encrypted backups, without copying them to the machine with the GPG private key?
> With GnuPG 2.1 this is easy:  You use ssh's socket forwarding feature to
> forward gpg-agent's restricted remote socket, for example
>   /run/user/1000/gnupg/S.gpg-agent.extra
> to the host and there you run gpg which will then connect back to the
> agent on your desktop.  For details see
> https://wiki.gnupg.org/AgentForwarding

But this implies that everyone with priv access on the remote host could
abuse your secret key on your localhost, especially when a GnuPG-card is
used and you entered the PIN to unlock the secret key. I'm wrong?

Matthias Apitz, ✉ guru at unixarea.de, ⌂ http://www.unixarea.de/  ☎ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
8. Mai 1945: Wer nicht feiert hat den Krieg verloren.
8 de mayo de 1945: Quien no festeja perdió la Guerra.
May 8, 1945: Who does not celebrate lost the War.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: </pipermail/attachments/20170804/d6d70c25/attachment.sig>

More information about the Gnupg-users mailing list