Agent forwarding issue

Werner Koch wk at gnupg.org
Fri Apr 5 10:59:51 CEST 2024


Hi!

>     gpg: problem with fast path key listing: Forbidden - ignored

I'll suppress that message in --quiet mode for the next release.

When doing a secret key listing (which happens with -K but also in
--with-colons mode) gpg walks over all public keys and asks the agent
for each key whether a corresponding secret key exists.  With many
secret keys this is quite some overhead and thus gpg first tries to a
get a listing of all secret keys (the keygrips) and later can do a fast
memcmp instead of an IPC call.

If you use the extra-socket certain operations are forbidden so that a
rogue gpg version on the remote site won't be able to change passwords,
export secret keys, or get a listing of all available secret keys.  This
is why you see this diagnostic.


Salam-Shalom,

   Werner



-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20240405/37d2a202/attachment.sig>


More information about the Gnupg-users mailing list