gpg-agent cache keygrip

Kristian Fiskerstrand kristian.fiskerstrand at
Wed Jul 26 22:38:48 CEST 2017

On 07/26/2017 09:08 PM, Mario Figueiredo wrote:
> On Wed, 26 Jul 2017 08:52:12 +0200
> Werner Koch <wk at> wrote:
>> There is a kludge in gpg and gpg-agent described in this comment:
>> [...]
> Hello Werner,
> Thank you for the information and debug method. And hopefully this
> problem will be fixed sometime in the near future. My brain is old
> and tired and it can't just commit to yet another unique password of
> any decent quality.
> The sharing of passwords between different keys becomes inevitable
> after a certain threshold. And I suspect for everyone, not just old
> people. And the gpg-agent just isn't dealing with this situation in an
> acceptable way.

Have you considered using smartcards/tokens to ensure the secret key
material is only available when you expect to do operations using the
particular keys (as well as protecting against several other threat

Kristian Fiskerstrand
Twitter: @krifisk
Public OpenPGP keyblock at hkp://
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Fabricando fit faber
Practice makes perfect
