AW: Extraction of decryption session key without copying complete encrypted file

Werner Koch wk at
Mon Aug 7 19:58:30 CEST 2017

On Fri,  4 Aug 2017 14:36, Roman.Fiedler at said:

> Ah, that's great - and actually the first nice gpg-agent feature apart from 
> gpg-agent being little annoying when running it on RAM-disks in early boot.

(And the ssh-agent support, which is one of the mos useful features I
 have on my box for 10 years or so.)

> The agent forwarding guide from above is fine, should be easy to implement. 
> Just one more question: how do I restrict the private key lifetime within the 
> agent or the number of agent requests before password repeat is needed? Best 

You can't do that yet just for --extra-socket connection.  You need to
do that globally with

   --max-cache-ttl  NSECONDS

Normally w.o. the leading dashes in the gpg-agent.conf.  In the future
we will allow to do this on a per key base (utilizing the new
--enabled-extended-key-format) and also allow to set a flag to require
confirmation in the same way it is possible with ssh connections.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: </pipermail/attachments/20170807/e0825f50/attachment.sig>

More information about the Gnupg-users mailing list