AW: Extraction of decryption session key without copying complete encrypted file
Werner Koch
wk at gnupg.org
Mon Aug 7 19:58:30 CEST 2017
On Fri, 4 Aug 2017 14:36, Roman.Fiedler at ait.ac.at said:
> Ah, that's great - and actually the first nice gpg-agent feature apart from
> gpg-agent being little annoying when running it on RAM-disks in early boot.
(And the ssh-agent support, which is one of the most useful features I
have on my box for 10 years or so.)
> The agent forwarding guide from above is fine, should be easy to implement.
> Just one more question: how do I restrict the private key lifetime within the
> agent or the number of agent requests before password repeat is needed? Best
You can't do that yet just for --extra-socket connection. You need to
do that globally with
  --max-cache-ttl NSECONDS
Normally w.o. the leading dashes in the gpg-agent.conf. In the future
we will allow to do this on a per key base (utilizing the new
--enabled-extended-key-format) and also allow to set a flag to require
confirmation in the same way it is possible with ssh connections.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
More information about the Gnupg-users
mailing list