How to use gpg-agent
VirginSnow at vfemail.net
Wed May 6 16:45:05 EDT 2009
> Date: Wed, 6 May 2009 15:29:59 -0400 (EDT)
> From: "Steven W. Orr" <steveo at syslang.net>

> One of the points of the agent is to cache passphrases so we don't have
> to type it in for every message.

The theory behind that is that each time we type a passphrase in, we
expose the passphrase to possible onlookers.

gpg-agent probably doesn't cache the actual passphrase. Nor is it
likely to cache the decrypted private key. More likely than not (I
don't know for sure, because I haven't read the code) it re-encrypts
the private key with a symmetric cipher and randomly generated session
key.

> But the questions still remain. Does anyone have a handle on how to do
> this?

I think the bigger question to ask would be:

  If someone runs "gdb `pidof gpg-agent`" and "gcore" at the gdb
  prompt, can they extract my private key from the resulting core
  file?

Probably.

So, why not just use an empty passphrase? Simply typing <ENTER> every
time you want to sign a message would be even easier.

More information about the gnhlug-discuss mailing list