How to use gpg-agent

Steven W. Orr steveo at syslang.net
Wed May 6 15:29:59 EDT 2009


On Wednesday, May 6th 2009 at 12:46 -0000, quoth Ben Scott:

=>On Wed, May 6, 2009 at 10:13 AM, Steven W. Orr <steveo at syslang.net> wrote:
=>> 1. How do I control how long a passphrase is cached before it decides it
=>> wants me to be re-asked?
=>
=>  If gpg-agent is anything like ssh-agent, it takes a command line
=>argument for this purpose.
=>
=>http://www.google.com/search?q=gpg-agent+cache+time
=>
=>> 2. Can I preload a passphrase when I log in? I know all about the
=>> security issues; I just want to know how to do it.
=>
=>  Why not just store the key in an unencrypted form at that point?
=>Save yourself all the trouble.

Hmm. Almost as cynical as me. ;-)



On Wednesday, May 6th 2009 at 13:42 -0000, quoth Ben Scott:

=>On Wed, May 6, 2009 at 12:54 PM, Coleman Kane <ckane at colemankane.org> wrote:
=>> Many of the key agent programs under Linux (such as seahorse) make use
=>> of the mlock() call and ...
=>
=>  So what?
=>
=>  If one is feeding the passphrase to the agent automatically, then
=>the passphrase is in cleartext in a file somewhere, so if someone has
=>enough access to your system to grovel the remnants of swap you've
=>pretty much lost the same anyway.  Probably made it a lot easier,
=>since it's all scripted and in nice neat files, rather than in the big
=>unstructured blob the page file is.

One of the points of the agent is to cache passphrases so we don't have 
to type it in for every message. If I'm comfortable with my server being 
secure in my own house, then that's different than if someone is carrying 
around a laptop.

But the questions still remain. Does anyone have a handle on how to do 
this?

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net

