On Thu, 13 Jan 2011 05:29, ds...@jabberwocky.com said:

> So GnuPG can't do this alone, but there are ways to configure GnuPG alongside
> other packages and/or the OS to be safe(r) here. For example, if you can
> arrange to run some commands as you are hibernating, you could get gpg-agent
> to dump its passphrase, etc.

Things would be easier to handle if the OS would send a special signal to all processes before hibernating. However there are all kinds of timing and priority problems with that. Thus the only working solution is to list all running gpg-agents in /etc/rc.suspend and send them a SIGHUP. Unfortunately SIGHUP also re-reads the config files and that may take up additional time and access the hard disk again. Another signal would be better but I fear that there is no other standard signal available. SIGUSR1 is used to dump internal information for debugging and SIGUSR2 is used for internal purposes.

gpg-connect-agent could be used to clear the caches; however that is also a heavy command as it requires some IPC which might be subject to blocking and timeouts.

Regarding the cached passphrases: 2.1 keeps all cached data encrypted - but as usual the encryption key is stored in RAM as well. If the hardware would provide a small memory area which gets cleared when entering hibernation mode, the cached data would automagically be safe.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
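
The approach described in the message above (enumerate the running gpg-agents from the suspend script and send each one a SIGHUP), as an added example that is not part of the original post or of GnuPG. It assumes a Linux-style /proc with a per-PID "comm" file; the function names and the PROC_ROOT variable are hypothetical.

```shell
#!/bin/sh
# Added example: helper for a suspend script that makes every running
# gpg-agent flush its cached passphrases before the RAM image hits the disk.
# Assumptions: Linux-style /proc; find_agent_pids, flush_agents and
# PROC_ROOT are hypothetical names chosen for this sketch.

PROC_ROOT="${PROC_ROOT:-/proc}"

# Print the PID of every process whose command name is exactly "$1"
# (default: gpg-agent), one per line. Non-numeric entries such as
# /proc/self are skipped by the glob.
find_agent_pids() {
    name="${1:-gpg-agent}"
    for dir in "$PROC_ROOT"/[0-9]*; do
        [ -r "$dir/comm" ] || continue               # exited or unreadable
        comm=$(cat "$dir/comm" 2>/dev/null) || continue
        if [ "$comm" = "$name" ]; then
            echo "${dir##*/}"
        fi
    done
    return 0
}

# Send SIGHUP to each matching process and print how many were signalled.
# A process that exits between the scan and the kill is not counted.
flush_agents() {
    count=0
    for pid in $(find_agent_pids "${1:-gpg-agent}"); do
        if kill -HUP "$pid" 2>/dev/null; then
            count=$((count + 1))
        fi
    done
    echo "$count"
}

# In the suspend script, source this file and call: flush_agents
```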