[pkg-gnupg-maint] Bug#840669: Bug#840669: Bug#840669: Beware of leftover gpg-agent processes

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Oct 18 04:31:42 UTC 2016


On Sat 2016-10-15 11:21:29 -0400, Ian Jackson wrote:
> 1. gnupg1-compatible authorisation lifetime:

I believe this is a deliberate change in semantics from the upstream
GnuPG project.  In particular, authorization for the use of secret key
material is now the responsibility of the gpg-agent.  This is an overall
win, because it means that no process ever gets access to the secret key
in memory *except* for the gpg-agent.  The gpg-agent is where these
decisions are made.

If you want an agent that never caches any passphrase (and therefore has
a one-use-per-authorization), this is an easy thing to do by adjusting
max-cache-ttl in gpg-agent.conf.  You can also set this dynamically with
gpgconf (see the --runtime option in gpgconf(1)).

> 2. Explicit programmatic control of authorisation lifetime:

This is also present in some form with the current gpg, but there are a
couple different ways to do it -- you can still set up and tear down a
separate gpg-agent (though managing that independently from other
sessions can be tricky); you can set authorization cache times that
are bounded to the times you prefer; or you can explicitly tear down the
agent after a given run.

Btw, upstream now has fixes to the inotify teardown approach, which I
hope to land in debian unstable in the next day or two.

Thanks for your engagement on this issue, Ian.

      --dkg
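The two configurations dkg describes above (a no-cache agent via max-cache-ttl, and a bounded run that tears the agent down afterwards), as an added shell example that is not part of this thread or of the Debian gnupg packaging. It assumes that max-cache-ttl 0 makes gpg-agent expire cache entries immediately, that the gpgconf --change-options input format is name:flags:value, and that the scratch GNUPGHOME directory is disposable.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GnuPG 2.1 semantics:
# secret-key authorization lives in gpg-agent, so the cache TTL is the
# knob that bounds how long one passphrase entry stays usable.
set -eu

# Write a gpg-agent.conf into $1 (used as GNUPGHOME) that disables
# passphrase caching. Assumption: max-cache-ttl 0 expires entries at once.
write_agent_conf() {
  dir=$1
  mkdir -p "$dir"
  chmod 700 "$dir"          # gpg refuses unsafe permissions on its home
  cat > "$dir/gpg-agent.conf" <<'EOF'
# every use of secret key material asks for the passphrase again
max-cache-ttl 0
EOF
  echo "$dir/gpg-agent.conf"
}

# Change the TTL of an already running agent, no restart needed.
# Assumption: --change-options reads lines of the form name:flags:value;
# --runtime tells the agent to pick the new value up immediately.
apply_runtime_ttl() {
  home=$1
  ttl=${2:-0}
  command -v gpgconf >/dev/null 2>&1 || { echo "gpgconf missing" >&2; return 2; }
  printf 'max-cache-ttl:0:%s\n' "$ttl" |
    GNUPGHOME=$home gpgconf --runtime --change-options gpg-agent
}

# Run one command against the scratch home, then kill that home's agent
# so no cached authorization outlives the run (the "explicit teardown"
# option). Exit status of the wrapped command is preserved.
bounded_run() {
  home=$1; shift
  rc=0
  GNUPGHOME=$home "$@" || rc=$?
  GNUPGHOME=$home gpgconf --kill gpg-agent
  return "$rc"
}

# Example usage (constructed; needs a key in the scratch home):
#   h=$(mktemp -d); write_agent_conf "$h"
#   bounded_run "$h" gpg --detach-sign --armor somefile
```

Only write_agent_conf runs without GnuPG installed; the other two functions require gpgconf on PATH and a live agent for the scratch home.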