Peter Lebbing <pe...@digitalbrains.com> wrote:
>On 21/11/16 15:20, Carola Grunwald wrote:
>> As for each single decryption task only a defined passphrase is
>> allowed to be used it's essential to have caching, which implicates
>> the risk of unauthorized passphrase usage, strictly deactivated.
>
>Why do you lump these users together? At a first glance it seems more
>logical that they have separate system accounts, or at the least
>separate GnuPG homedirs (and hence agents).

They don't have any system account at all. These are users of a messaging system, only allowed to access its POP3, SMTP and NNTP service.

>
>They shouldn't even have access to the encrypted private key in the
>first place.

They don't have direct access to any key. Nevertheless by using someone else's cached passphrase with 2.1 and its all-embracing keyring they may succeed in decoding data not meant for them.

Kind regards

Caro

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users