Detecting a misremembered passphrase in gpg-agent

ael witwall3 at disroot.org
Thu Jun 13 23:24:56 CEST 2024


On Thu, Jun 13, 2024 at 02:09:15PM -0400, Jack via Gnupg-users wrote:
> On 2024.06.13 06:57, ael via Gnupg-users wrote:
> > Further thoughts on detecting a mistaken passphrase entry when
> > encrypting. I have looked at both
> >   man gpg-agent  and info
[...snip..]

> I'm no expert in this area, but something struck me - is the passprase you
> are entering protecting the key you are using for encryption, or is the
> passphrase itself being used for encryption?

I am using symmetric encryption, so the usual public/private keys are not relevant
in this situation.

> Does this help at all, or have I missed something?

Unless I too have missed something, then I don't think this applies 
to the symmetric case.

But thanks for the suggestion.

In passing, for further background, all of this is happening on an
mounted encrypted volume. I am guarding against malware that might be able
to read the temporarily decrypted file. At least the other files on the mounted
volume are protected by the second level of gpg symmetric encryption.
Rather like a password manager that handles more general files with the
manager database only on the (temporarily mounted) encrypted volume.

ael




More information about the Gnupg-users mailing list