Extraction of decryption session key without copying complete encrypted file

Matthias Apitz guru at unixarea.de
Fri Aug 4 15:39:18 CEST 2017


On Friday, August 04, 2017 at 01:59:57 p.m. +0200, Werner Koch wrote:

> On Wed,  2 Aug 2017 15:52, Roman.Fiedler at ait.ac.at said:
> 
> > How to decrypt large files, e.g. gpg-encrypted backups, without copying them to the machine with the GPG private key?
> 
> With GnuPG 2.1 this is easy:  You use ssh's socket forwarding feature to
> forward gpg-agent's restricted remote socket, for example
> 
>   /run/user/1000/gnupg/S.gpg-agent.extra
> 
> to the host and there you run gpg which will then connect back to the
> agent on your desktop.  For details see
> 
> https://wiki.gnupg.org/AgentForwarding

But this implies that everyone with priv access on the remote host could
abuse your secret key on your localhost, especially when a GnuPG-card is
used and you entered the PIN to unlock the secret key. Am I wrong?

	matthias
-- 
Matthias Apitz, ✉ guru at unixarea.de, ⌂ http://www.unixarea.de/  ☎ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
8. Mai 1945: Wer nicht feiert hat den Krieg verloren.
8 de mayo de 1945: Quien no festeja perdió la Guerra.
May 8, 1945: Who does not celebrate lost the War.