Using gnupg to crypt credentials used by application to access a database server

Werner Koch wk at gnupg.org
Mon Jul 16 09:51:17 CEST 2018


On Sat, 14 Jul 2018 15:15, guru at unixarea.de said:

> Decrypting with GnuPG needs a passphrase, normally read from /dev/tty

It only needs a passphrase if you set a passphrase.  For public key
encryption it is perfectly fine not to set a passphrase because it is
expected that there are no other users on that machine.  If there were
other users on that machine it would be just too easy to snoop the
passphrase despite the protections we have in place.  IMHO, local
exploits are too numerous to all get fixed.

If you use a smartcard there is a hack in scdaemon which allows working
without a PIN.


Shalom-Salam,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Thoughts are free.  Exceptions are regulated by a federal law.