[pkg-gnupg-maint] Bug#840669: Bug#840669: Bug#840669: Beware of leftover gpg-agent processes
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Oct 18 04:31:42 UTC 2016
On Sat 2016-10-15 11:21:29 -0400, Ian Jackson wrote:

> 1. gnupg1-compatible authorisation lifetime:

I believe this is a deliberate change in semantics from the upstream
GnuPG project. In particular, authorization for the use of secret key
material is now the responsibility of the gpg-agent. This is an overall
win, because it means that no process ever gets access to the secret key
in memory *except* for the gpg-agent. The gpg-agent is where these
decisions are made.

If you want an agent that never caches any passphrase (and therefore has
a one-use-per-authorization), this is an easy thing to do by adjusting
max-cache-ttl in gpg-agent.conf. you can also set this dynamically with
gpgconf (see the --runtime option in gpgconf(1)).

> 2. Explicit programmatic control of authorisation lifetime:

This is also present in some form with the current gpg, but there are a
couple different ways to do it -- you can still set up and tear down a
separate gpg-agent (though managing that independently from other
sessions can be tricky); you can set authorization cache times that
are bounded to the times you prefer; or you can explicitly tear down the
agent after a given run.

btw, upstream now has fixes to the inotify teardown approach, which i
hope to land in debian unstable in the next day or two.

Thanks for your engagement on this issue, Ian.

--dkg
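
The two controls discussed in the message above (a non-caching agent configuration and an explicit agent teardown after a run), as an added example that is not part of the original message or of GnuPG itself. The function names are hypothetical, and it assumes that a cache TTL of 0 makes the agent keep no passphrase between uses.

```shell
#!/bin/sh
# Added example; disable_passphrase_cache and run_with_agent_teardown are
# hypothetical helper names, not GnuPG commands.

# Pin the cache lifetimes in <homedir>/gpg-agent.conf to 0 seconds.
# Assumption: with a TTL of 0 every secret-key use needs a fresh authorization.
disable_passphrase_cache() {
    conf=$1/gpg-agent.conf
    mkdir -p "$1" && chmod 700 "$1" || return 1
    for opt in default-cache-ttl max-cache-ttl; do
        if [ -f "$conf" ]; then
            # Drop any earlier value so exactly one setting remains.
            # The trailing-space match leaves max-cache-ttl-ssh untouched.
            grep -v "^$opt[[:space:]]" "$conf" > "$conf.tmp" || true
            mv "$conf.tmp" "$conf"
        fi
        printf '%s 0\n' "$opt" >> "$conf"
    done
}

# Run a command against the given GnuPG home directory, then stop the agent
# that serves that directory so no gpg-agent process is left behind.
# The command's exit status is preserved.
run_with_agent_teardown() {
    home=$1
    shift
    status=0
    GNUPGHOME=$home "$@" || status=$?
    # gpgconf --kill addresses only the agent for this GNUPGHOME;
    # agents that belong to other sessions keep running.
    if command -v gpgconf >/dev/null 2>&1; then
        GNUPGHOME=$home gpgconf --kill gpg-agent || true
    fi
    return "$status"
}

# Usage (paths and file names are placeholders):
#   disable_passphrase_cache "$HOME/.gnupg-build"
#   run_with_agent_teardown "$HOME/.gnupg-build" gpg --detach-sign artifact.tar
```

A running agent reads gpg-agent.conf at startup, so after changing the file either restart it or run `gpgconf --reload gpg-agent`.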