gnupg-agent stores pass phrases until power-off
On 04/04/2017 01:44 PM, grarpamp wrote:
> On Tue, Apr 4, 2017 at 10:04 AM, Phillip Hallam-Baker <phill@hallambaker.com> wrote:
>> * Has someone already done this for GPG Agent?
>
> Probably.
gnupg-agent is in serious need of some bugfixes, at least the version that makes it into Mint. Once it sees a pass phrase, gnupg-agent retains it until the system is shut down; stored pass phrases persist through user logout/login. This behavior is supposed to be controlled by a config file where a timeout can be set, but none is present in the default installations I have seen on Mint, and creating a new gpg-agent.conf as directed in the man page for gnupg-agent does exactly nothing to alter its behavior.

The Debian devs say this is a non-issue. Their excuse: "Physical access is game over." How's that for convenient? Never mind that broken gnupg-agent means physical access by any unskilled snooper gives that person the ability to read and copy encrypted documents and files, or apply your signature to anything, while your back is turned. Not an issue. The presence of your pass phrase in system memory, as/when a non-persistent exploit checks to see if pass phrases for the secring keys it just sent to its owner are available in memory, is not a potential issue, either.

My work-arounds for this BS:

http://pilobilus.net/gnupg-agent_work_around_for_linux_mint.html

:o)
participants (1)
-
Steve Kinney
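
The message above turns on the cache timeout that gpg-agent.conf is meant to set. As an added example (not part of the original post or of GnuPG), this shell sketch reports the passphrase cache lifetimes a given gpg-agent.conf requests and flags any above a chosen limit. The function names are hypothetical, and the fallback values are gpg-agent's documented defaults for `default-cache-ttl` and `max-cache-ttl`.

```shell
#!/bin/sh
# Added example: audit the passphrase cache lifetimes requested in gpg-agent.conf.
# Documented gpg-agent defaults (seconds), used when an option is absent.
DEFAULT_CACHE_TTL=600
MAX_CACHE_TTL=7200

# cache_ttl FILE OPTION FALLBACK
# Prints the last uncommented numeric value of OPTION in FILE, else FALLBACK.
cache_ttl() {
    val=""
    if [ -r "$1" ]; then
        val=$(awk -v opt="$2" '
            /^[[:space:]]*#/ { next }                 # skip commented-out lines
            $1 == opt && $2 ~ /^[0-9]+$/ { v = $2 }   # keep the last value seen
            END { if (v != "") print v }' "$1")
    fi
    printf '%s\n' "${val:-$3}"
}

# audit_agent_cache FILE LIMIT
# Returns 0 if both TTLs are at most LIMIT seconds, 1 otherwise.
audit_agent_cache() {
    conf=$1; limit=$2; rc=0
    d=$(cache_ttl "$conf" default-cache-ttl "$DEFAULT_CACHE_TTL")
    m=$(cache_ttl "$conf" max-cache-ttl "$MAX_CACHE_TTL")
    [ -r "$conf" ] || echo "NOTE: $conf not readable, agent defaults assumed"
    for pair in "default-cache-ttl:$d" "max-cache-ttl:$m"; do
        name=${pair%%:*}; secs=${pair##*:}
        if [ "$secs" -gt "$limit" ]; then
            echo "WARN: $name=${secs}s exceeds ${limit}s"; rc=1
        else
            echo "OK:   $name=${secs}s"
        fi
    done
    return $rc
}
```

A typical call is `audit_agent_cache "$HOME/.gnupg/gpg-agent.conf" 600`. The script only reads the file; it does not show which process is actually answering agent requests, and `gpg-connect-agent reloadagent /bye` asks a running gpg-agent to reread its configuration.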