On Tuesday 06 March 2012, Daniel Kahn Gillmor wrote:
> On 03/05/2012 04:36 PM, Ingo Klöcker wrote:
> > 4. He has left his laptop unlocked and unattended for a very short
> > period of time and he is using gpg-agent with a cache-ttl > 0.
> >
> > I have verified that one can generate a revocation certificate
> > without entering a passphrase if one has previously signed
> > something (e.g. an email). So, it was probably just a very nasty
> > prank.
>
> as pranks involving compromise of the secret key go, this is the
> least-nasty prank i can think of.
>
> > Maybe gpg shouldn't use the cached signing passphrase (or any
> > cached passphrase) for generating a revocation certificate.
>
> But it's ok to use the cached signing passphrase for making bogus
> identity certifications?
>
> For signing ersatz love letters?
>
> What's to stop the malefactor from just querying the passphrase
> directly out of gpg-agent and absconding with both it and the secret
> key material to do whatever they want later?
>
> I don't think making the proposed limitation is a helpful one.

Hmm. I guess you are right.

Just a minor remark: To my knowledge it is not possible to get the
passphrase out of gpg-agent. The whole point of gpg-agent is that it
encapsulates all operations involving the secret key and the passphrase
in order to minimize the risk of leaks of this information (see
http://www.gnupg.org/aegypten/tech.en.html).

Regards,
Ingo

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users