Hello everyone, I've been trying to understand gpg-agent cache behavior in the presence of two distinct keys with the same passphrase. Namely, why is it that it only asks for the passphrase once, regardless of the key being used?
So I've read the Assuan protocol documentation at (1), in particular the text in the linked page and the descriptions for PRESET_PASSPHRASE and GET_PASSPHRASE. But it isn't getting me any closer to understanding this behavior, because from my own interpretation, it enters into contradiction with what I am experiencing.

I would normally expect the gpg-agent cache to operate on a per-key basis, regardless of passphrase. And this is precisely what the description for the keygrip on the Assuan protocol seems to indicate. However, that is not what happens and gpg-agent seems to ignore the key being used and instead reuse the previously used passphrase from another key, which just happens to be the same passphrase for the new key.

Is this a bug, or expected behavior? And if the latter, what is the rationale for it? Since it seems to only worsen an already weak decision security-wise, which is to choose the same passphrase for two distinct keys.

(1) https://www.gnupg.org/documentation/manuals/gnupg/Agent-Protocol.html#Agent-Protocol

--
Sinceramente / Best regards,
Mário J.G.P. Figueiredo
Luanda, Angola
(email) mar...@gmx.com
(alt) kru...@openmailbox.org
(phone) +244 934 535 121
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users