-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/04/2017 01:44 PM, grarpamp wrote:
> On Tue, Apr 4, 2017 at 10:04 AM, Phillip Hallam-Baker <phill@hallambaker.com> wrote:
>> * Has someone already done this for GPG Agent?
> Probably.

gnupg-agent is in serious need of some bugfixes, at least the version that makes it into Mint. Once it sees a pass phrase, gnupg-agent retains it until the system is shut down; stored pass phrases persist through user logout/login. This behavior is supposed to be controlled by a config file where a timeout can be set, but none is present in the default installations I have seen on Mint, and creating a new gpg-agent.conf as directed in the man page for gnupg-agent does exactly nothing to alter its behavior.

The Debian devs say this is a non-issue. Their excuse: "Physical access is game over." How's that for convenient? Never mind that broken gnupg-agent means physical access by any unskilled snooper gives that person the ability to read and copy encrypted documents and files, or apply your signature to anything, while your back is turned. Not an issue.

The presence of your pass phrase in system memory, as/when a non-persistent exploit checks to see if pass phrases for the secring keys it just sent to its owner are available in memory, is not a potential issue, either.

My work-arounds for this BS: http://pilobilus.net/gnupg-agent_work_around_for_linux_mint.html

Come to think of it, I'm gonna copy this reply to a new thread. It's on topic to the group and deserves more attention. :o)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJY4/YAAAoJEECU6c5XzmuqaugH/A1/4Whop9ZaqFee6+vgba09
PRMJsX6MJY+ZmuFxS7P+AQIJUUXqjRXzbK3oXS7zq6pBu2bi7CVD8NA5ZH/FYeFD
jTtF4Tk9A8bmKb2bdsSigSzaU5hFNOXHr5bKf2dE/jFE3rxL7aR2S7TtKqWSBx3I
GTyyv0BHFoYTW08zz2vFEHSZPjF5PWkNIa5LohoSW1NkyMWvcy1ua1LkqbSyzE6F
icj9rK1y6q3XrenZflXRJxsvwzPbjOl4xi+PIL8RxfbCwPXbSH7RRIRrsFbg7+IQ
pkO9PufV0ohVjk1iQblcRbhsDDddaLLRqeZD582l/t1OXv3XJIyJJL8/aqbFl34=
=BsdF
-----END PGP SIGNATURE-----
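The cache-timeout controls the message refers to, as an added example that is not part of the original post or of the author's work-around page: a POSIX shell snippet that writes a gpg-agent.conf with explicit default-cache-ttl and max-cache-ttl values (the option names and the SIGHUP/RELOADAGENT behaviour are those documented in gpg-agent(1) for GnuPG 2.x), audits an existing conf for missing or oversized TTLs, and asks a running agent to drop its cached pass phrases and re-read its configuration. The function names, the file paths and the 900-second audit threshold are my own choices, not anything GnuPG defines.

```shell
#!/bin/sh
# Added example, not code from the post or from GnuPG. Assumes a GnuPG 2.x
# agent whose configuration file is gpg-agent.conf under GNUPGHOME and whose
# cache options are default-cache-ttl / max-cache-ttl as in gpg-agent(1).

# Write a gpg-agent.conf with short, explicit cache lifetimes.
# $1 = path of gpg-agent.conf, $2 = default-cache-ttl in seconds (idle
# lifetime, default here 60), $3 = max-cache-ttl in seconds (hard upper
# bound since the pass phrase was entered, default here 300).
write_agent_conf() {
    conf="$1"; dflt="${2:-60}"; max="${3:-300}"
    mkdir -p "$(dirname "$conf")"
    # subshell so the restrictive umask does not leak into the caller
    ( umask 077; cat > "$conf" <<EOF
# seconds a cached pass phrase survives after its last use
default-cache-ttl $dflt
# seconds after entry at which the pass phrase is dropped regardless of use
max-cache-ttl $max
EOF
    )
}

# Audit a gpg-agent.conf: one finding per line on stdout, exit 1 if any.
# A finding is an option that is absent (the agent then falls back to its
# built-in default) or whose value exceeds $2 seconds (default 900).
# If an option appears more than once, the last definition is inspected.
audit_agent_conf() {
    conf="$1"; limit="${2:-900}"; rc=0
    for opt in default-cache-ttl max-cache-ttl; do
        val=$(sed -n "s/^[[:space:]]*$opt[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p" \
                  "$conf" 2>/dev/null | tail -n 1)
        if [ -z "$val" ]; then
            echo "$opt: not set (agent uses its built-in default)"; rc=1
        elif [ "$val" -gt "$limit" ]; then
            echo "$opt: $val s exceeds $limit s"; rc=1
        fi
    done
    return $rc
}

# Flush every cached pass phrase and re-read gpg-agent.conf without killing
# the agent. gpg-agent(1) documents SIGHUP, and the RELOADAGENT Assuan
# command, as doing both. Intended for ~/.bash_logout; returns 0 when no
# gpg-connect-agent is installed, since there is then nothing to flush.
flush_agent_cache() {
    command -v gpg-connect-agent >/dev/null 2>&1 || return 0
    gpg-connect-agent 'RELOADAGENT' /bye >/dev/null 2>&1 || true
}
```

The agent reads its configuration when it starts and when it is reloaded, so a gpg-agent.conf written while an agent is already running changes nothing until `flush_agent_cache` (or a restart of the agent) is run; calling `flush_agent_cache` from ~/.bash_logout also drops the cached pass phrases at logout, which is the persistence across logout/login the post describes. Run `audit_agent_conf ~/.gnupg/gpg-agent.conf` to see which of the two options a given installation is actually setting.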