
Re: [pkg-gnupg-maint] Bug#840669: Bug#840669: Beware of leftover gpg-agent processes

On Sat 2016-10-15 11:21:29 -0400, Ian Jackson wrote:
> 1. gnupg1-compatible authorisation lifetime:

I believe this is a deliberate change in semantics from the upstream
GnuPG project.  In particular, authorization for the use of secret key
material is now the responsibility of the gpg-agent.  This is an overall
win, because it means that no process ever gets access to the secret key
in memory *except* for the gpg-agent.  The gpg-agent is where these
decisions are made.

If you want an agent that never caches any passphrase (and therefore has
a one-use-per-authorization), this is an easy thing to do by adjusting
max-cache-ttl in gpg-agent.conf.  You can also set this dynamically with
gpgconf (see the --runtime option in gpgconf(1)).

> 2. Explicit programmatic control of authorisation lifetime:

This is also present in some form with the current gpg, but there are a
couple different ways to do it -- you can still set up and tear down a
separate gpg-agent (though managing that independently from other
sessions can be tricky); you can set authorization cache times that
are bounded to the times you prefer; or you can explicitly tear down the
agent after a given run.

Btw, upstream now has fixes to the inotify teardown approach, which I
hope to land in Debian unstable in the next day or two.

Thanks for your engagement on this issue, Ian.
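
The two controls described in this message (a bounded cache lifetime in gpg-agent.conf, and tearing the agent down after a run), sketched as an added example that is not part of the original message or of GnuPG. The function names are hypothetical, and setting default-cache-ttl alongside max-cache-ttl is an assumption of this example; the message itself names only max-cache-ttl.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the gpg-agent.conf options
# and "gpgconf --kill gpg-agent" are existing GnuPG interfaces.

# set_agent_cache_ttl HOMEDIR SECONDS
# Idempotently pin the passphrase cache lifetime in HOMEDIR/gpg-agent.conf.
# SECONDS=0 is the "never cache" case from the message. default-cache-ttl is
# set as well (assumption of this example, not stated in the message).
set_agent_cache_ttl() {
    home=$1 ttl=$2
    case $ttl in
        ''|*[!0-9]*) echo "ttl must be a non-negative integer" >&2; return 2 ;;
    esac
    mkdir -p "$home" && chmod 700 "$home" || return 1
    conf=$home/gpg-agent.conf
    tmp=$(mktemp "$home/gpg-agent.conf.XXXXXX") || return 1
    # Keep unrelated settings (including the -ssh variants); drop earlier
    # ttl lines so the values written below are the only ones in the file.
    if [ -f "$conf" ]; then
        grep -Ev '^[[:space:]]*(default|max)-cache-ttl[[:space:]]' "$conf" >"$tmp" || true
    fi
    printf 'default-cache-ttl %s\nmax-cache-ttl %s\n' "$ttl" "$ttl" >>"$tmp"
    mv "$tmp" "$conf"
}

# teardown_agent HOMEDIR
# Stop the agent serving HOMEDIR, which discards whatever it has cached.
teardown_agent() {
    command -v gpgconf >/dev/null 2>&1 || return 0   # no GnuPG, nothing to stop
    GNUPGHOME=$1 gpgconf --kill gpg-agent >/dev/null 2>&1 || true
}

# run_then_teardown HOMEDIR CMD [ARGS...]
# Run CMD with GNUPGHOME=HOMEDIR, then always stop that agent, so a leftover
# agent cannot keep authorising key use. Returns CMD's exit status.
run_then_teardown() {
    home=$1; shift
    status=0
    GNUPGHOME=$home "$@" || status=$?
    teardown_agent "$home"
    return "$status"
}
```

An agent that is already running reads the changed file only after `gpgconf --reload gpg-agent` or a restart.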

