[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: gpg-agent?



also sprach Brian May <bam@debian.org> [2002.11.27.2317 +0100]:
> What is the security model of each, and why is one better then
> the other?

quintuple-agent simply echoes the passphrase onto fd0, to be picked up
by another program through a piper.

  qagent get gpg | cat

or so reveals your passphrase on stdout. bad.

from what i understood. gpg-agent hooks into gpg like ssh-agent into
ssh and you can't get at the passphrase. correct me if this is wrong.

-- 
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
NOTE: The public PGP keyservers are broken!
Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc

Attachment: pgpNvdVbQpDMD.pgp
Description: PGP signature


Reply to: