GPG Agent discarding cache before ttl/max ttl

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Oct 16 20:49:50 CEST 2019


On Tue 2019-10-15 22:57:16 +0200, Werner Koch via Gnupg-users wrote:
> If your system has a method to run a script
> on suspend or lid closing it may already do just that.  I consider this
> a good idea but we can't do that by default in GnuPG because systems
> differ too much on how to detect a lid closing event or similar.  Thus
> there is also no way to avoid it using a GnuPG option.

It would be great to learn what the most common lid-closing events on
popular platforms are, so that gpg-agent can do this cache-flushing
behavior automagically at least for users on those platforms.

On systems with D-Bus, following the freedesktop.org IPC standards, it
looks like the following signal appears on the system bus when the
machine goes to sleep:

destination=(null destination) path=/org/freedesktop/login1; interface=org.freedesktop.login1.Manager; member=PrepareForSleep
   boolean true

Debian systems these days typically use the dbus standard -- and i'd be
happy to try to integrate detection of this signal into the debian
gpg-agent packaging, if anyone wants to propose a way to do it. i'm not
a D-Bus guru by any stretch of the imagination, so i'm not sure what the
right next step is, guidance is definitely welcome.

> On Tue, 15 Oct 2019 09:14, Chip Senkbeil said:
>>     enable-ssh-support
>
> It's the default anyway

This is the default, but its presence in gpg-agent's configuration file
is also used as a signal in some OSes (debian at least) as to whether
to export an SSH_AUTH_SOCK that points to gpg-agent's ssh-agent
emulation socket.  See /etc/X11/Xsession.d/90gpg-agent for more details.

Regards,

        --dkg
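
As an added example (not part of the original message, and not GnuPG or Debian packaging code), one way to act on the PrepareForSleep signal shown above is to watch for it with dbus-monitor and reload gpg-agent, which drops its cached passphrases. The function names, the constructed sample input and the --watch/--demo arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original message): drop gpg-agent's cached
# passphrases when logind broadcasts PrepareForSleep(true).
# Assumes dbus-monitor and gpgconf are installed and that this runs in the
# session of the user whose gpg-agent should be flushed.

# Match rule built from the interface and member shown in the message.
RULE="type='signal',interface='org.freedesktop.login1.Manager',member='PrepareForSleep'"

# Constructed sample of dbus-monitor output (timestamps and serials made up).
SAMPLE='signal time=1.0 sender=:1.2 -> destination=(null destination) serial=7 path=/org/freedesktop/login1; interface=org.freedesktop.login1.Manager; member=PrepareForSleep
   boolean true
signal time=9.0 sender=:1.2 -> destination=(null destination) serial=8 path=/org/freedesktop/login1; interface=org.freedesktop.login1.Manager; member=PrepareForSleep
   boolean false'

# Read dbus-monitor text on stdin. Print "sleep" when a PrepareForSleep header
# is followed by "boolean true" (about to suspend), "resume" for "boolean false".
classify_sleep_events() {
    pending=0
    while IFS= read -r line; do
        case "$line" in
            *"member=PrepareForSleep"*) pending=1 ;;
            *"member="*) pending=0 ;;          # header of some other message
            *"boolean true"*)
                if [ "$pending" -eq 1 ]; then echo sleep; fi
                pending=0 ;;
            *"boolean false"*)
                if [ "$pending" -eq 1 ]; then echo resume; fi
                pending=0 ;;
        esac
    done
}

# gpgconf --reload has the same effect as SIGHUP: gpg-agent flushes its cache.
flush_agent_cache() {
    gpgconf --reload gpg-agent
}

watch_and_flush() {
    dbus-monitor --system "$RULE" | classify_sleep_events |
    while IFS= read -r event; do
        if [ "$event" = sleep ]; then flush_agent_cache; fi
    done
}

# Nothing runs unless asked: --watch starts the listener, --demo parses SAMPLE.
case "${1:-}" in
    --watch) watch_and_flush ;;
    --demo)  printf '%s\n' "$SAMPLE" | classify_sleep_events ;;
esac
```

logind does not wait for signal listeners before suspending unless a delay inhibitor lock is held, so the reload can lose the race with a fast suspend; holding such a lock while the flush runs closes that gap.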