gpg-agent cache keygrip

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Wed Jul 26 22:38:48 CEST 2017


On 07/26/2017 09:08 PM, Mario Figueiredo wrote:
> On Wed, 26 Jul 2017 08:52:12 +0200
> Werner Koch <wk at gnupg.org> wrote:
> 
>> There is a kludge in gpg and gpg-agent described in this comment:
>> [...]
> 
> Hello Werner,
> 
> Thank you for the information and debug method. And hopefully this
> problem will be fixed sometime in the near future. My brain is old
> and tired and it can't just commit to yet another unique password of
> any decent quality.
> 
> The sharing of passwords between different keys becomes inevitable
> after a certain threshold. And I suspect for everyone, not just old
> people. And the gpg-agent just isn't dealing with this situation in an
> acceptable way.
> 

Have you considered using smartcards/tokens to ensure the secret key
material is only available when you expect to do operations using the
particular keys (as well as protecting against several other threat
vectors)?

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Fabricando fit faber
Practice makes perfect
