On Sat 2016-10-15 11:21:29 -0400, Ian Jackson wrote:

> 1. gnupg1-compatible authorisation lifetime:

I believe this is a deliberate change in semantics from the upstream GnuPG project. In particular, authorization for the use of secret key material is now the responsibility of the gpg-agent. This is an overall win, because it means that no process ever gets access to the secret key in memory *except* for the gpg-agent. The gpg-agent is where these decisions are made.

If you want an agent that never caches any passphrase (and therefore has a one-use-per-authorization), this is an easy thing to do by adjusting max-cache-ttl in gpg-agent.conf. You can also set this dynamically with gpgconf (see the --runtime option in gpgconf(1)).

> 2. Explicit programmatic control of authorisation lifetime:

This is also present in some form with the current gpg, but there are a couple different ways to do it -- you can still set up and tear down a separate gpg-agent (though managing that independently from other sessions can be tricky); you can set authorization cache times that are bounded to the times you prefer; or you can explicitly tear down the agent after a given run.

btw, upstream now has fixes to the inotify teardown approach, which I hope to land in debian unstable in the next day or two.

Thanks for your engagement on this issue, Ian.

--dkg
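The no-caching policy dkg points at, as an added example that is not part of the thread: it writes the cache TTLs into gpg-agent.conf, reports the effective max-cache-ttl of an existing file so a config can be audited, and pushes the same setting to a running agent through gpgconf --runtime. It assumes GnuPG 2.1 or later, that 7200 seconds is the upstream default when max-cache-ttl is unset, and the name:flags:value input format of gpgconf --change-options.

```shell
#!/bin/sh
# Added example, not code from the thread. Configure gpg-agent so that every use
# of secret key material needs a fresh authorization (no cached passphrase).

# Write the no-cache settings into $1/gpg-agent.conf, keeping unrelated options.
# A TTL of 0 seconds is the setting used here for "never cache".
write_no_cache_conf() {
    dir="$1"
    conf="$dir/gpg-agent.conf"
    mkdir -p "$dir"
    # Drop any existing cache-ttl lines so the file has a single source of truth.
    if [ -f "$conf" ]; then
        grep -v -E '^(default|max)-cache-ttl(-ssh)?[[:space:]]' "$conf" > "$conf.tmp" || true
        mv "$conf.tmp" "$conf"
    fi
    printf 'default-cache-ttl 0\nmax-cache-ttl 0\n' >> "$conf"
    chmod 600 "$conf"
}

# Audit helper: print the effective max-cache-ttl of a gpg-agent.conf.
# Assumes the upstream default of 7200 seconds applies when the option is unset,
# i.e. an unconfigured agent keeps authorizations cached for up to two hours.
effective_max_cache_ttl() {
    conf="$1"
    val=$(grep -E '^max-cache-ttl[[:space:]]+[0-9]+' "$conf" 2>/dev/null \
          | tail -n1 | awk '{print $2}')
    echo "${val:-7200}"
}

# Apply the same policy to an already running agent without restarting it.
# Assumed input format for gpgconf --change-options: name:flags:value, flags 0.
apply_runtime_no_cache() {
    command -v gpgconf >/dev/null 2>&1 || { echo "gpgconf not found" >&2; return 1; }
    printf 'default-cache-ttl:0:0\nmax-cache-ttl:0:0\n' \
        | gpgconf --runtime --change-options gpg-agent
}
```

Run write_no_cache_conf against ~/.gnupg and then apply_runtime_no_cache; effective_max_cache_ttl on another host's gpg-agent.conf tells you whether that agent can still hand out cached authorizations.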