Hi Peter,

On 07/06/2016 08:33 PM, Peter Lebbing wrote:
>> GnuPG Agent only caches the passphrase protecting the key, never the key itself—it reads the key from file every time the key is required, which means that as soon as the key file is removed from the agent’s directory, the key is no longer available;
> Is this actually the case though? Have you checked the source
Yes I did. That's how I found out this behavior actually. If you want to check by yourself, have a look for example at the function agent_pkdecrypt (in the agent/pkdecrypt.c file), which implements the agent's PKDECRYPT command. One of the first things this function does is to call agent_key_from_file (defined in agent/findkey.c), which *unconditionally* reads the key from its file storage. The key is freed at the end of the agent_pkdecrypt function, without having been cached anywhere (only the passphrase is cached, in the function unprotect.c in agent/findkey.c).
The agent_pksign function, which implements the PKSIGN command and needs the signing (sub)key, behaves similarly.
Damien
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users