Jason Helfman <[EMAIL PROTECTED]>:
> I notice that when pgp-signing a mail message, I need to enter
> my password, respectively. However, if I send another message,
> pgp-signing again, there is no need to enter my password. Is this being
> passed to a temp file?
It's stored in memory. There is a variable pgp_timeout that determines
how long the passphrase is kept for, and you can make mutt forget it
immediately by using the command "forget-passphrase" (^F by default).
If you look at the code you will see that some effort is made to
really destroy all record of the passphrase:

    void pgp_void_passphrase (void)
    {
      memset (PgpPass, 0, sizeof (PgpPass));
      PgpExptime = 0;
    }

However, a copy of the passphrase may still be left in your swap
partition. (I think that only a process running as root can prevent
memory from being written to swap, and even then only on some systems.
If this is incorrect, perhaps someone can explain the true situation.)
Edmund
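
Added example, not part of the message above and not mutt's source: a C passphrase cache with an expiry in the spirit of pgp_timeout, a wipe the compiler cannot optimise away, and an mlock() attempt to keep the buffer out of swap. The names pass_store, pass_get, pass_forget and the 128-byte limit are assumptions for illustration; mlock() can fail without privilege or a sufficient RLIMIT_MEMLOCK, so its outcome is recorded rather than assumed.

```c
#include <string.h>
#include <sys/mman.h>
#include <time.h>

/* Hypothetical names and size, modelled on the PgpPass/PgpExptime idea. */
#define PASS_MAX 128
static char pass_buf[PASS_MAX];
static time_t pass_exptime;   /* 0 means nothing is cached */
static int pass_locked;       /* 1 once mlock() has succeeded */

/* Zero through a volatile pointer so the stores cannot be elided, as a
 * plain memset() may be when the buffer is never read again. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Equivalent of forget-passphrase: wipe the buffer and clear the expiry. */
void pass_forget(void)
{
    secure_wipe(pass_buf, sizeof pass_buf);
    pass_exptime = 0;
}

/* Cache pw until now + timeout. Returns 0, or -1 if pw does not fit. */
int pass_store(const char *pw, time_t now, time_t timeout)
{
    size_t len = strlen(pw);
    if (len >= sizeof pass_buf)
        return -1;
    /* Ask the kernel to keep these pages out of swap; record the outcome. */
    if (!pass_locked)
        pass_locked = (mlock(pass_buf, sizeof pass_buf) == 0);
    pass_forget();
    memcpy(pass_buf, pw, len);
    pass_exptime = now + timeout;
    return 0;
}

/* Return the cached passphrase, or NULL once it has expired (wiping it). */
const char *pass_get(time_t now)
{
    if (pass_exptime == 0 || now >= pass_exptime) {
        pass_forget();
        return NULL;
    }
    return pass_buf;
}
```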