On Thu, Mar 30, 2000 at 01:20:09PM +0200, Thomas Roessler muttered:
> On 2000-03-30 12:06:42 +0100, Edmund GRIMLEY EVANS wrote:
>
> > I was thinking of something simpler: mutt spawns a suid
> > program called muttpgphelper, say, and gives the
> > passphrase to this program. When mutt wants to invoke
> > gnupg it sends a request down a pipe to muttpgphelper
> > which then invokes gnupg and gives the passphrase to
> > gnupg down another pipe.
>
> > I think a more interesting variant may be some kind of
> > passphrase-agent which is directly contacted by gnupg, pgp
> > & friends through some Unix domain socket. I have even
> > some code from a year or two ago.... However, this has
> > two downsides:
SSH does something like this - there's a "ssh-agent" program which you add
keys to from your keyring by running a program. You give the passphrase
to the ssh-addkey program, it loads the (unencrypted) key into the agent
and then apps can communicate with this agent through a unix domain socket.
Nice, makes it easier to use ssh, but not terribly secure, I fear.
Chris
--
Chris Tilbury, UNIX Systems Administrator: UNIX & Networking Group
Information Technology Services, University of Warwick, Coventry, UK
PHONE: 024 7652 3365 / FAX: 0870 088 4307 / MAIL: [EMAIL PROTECTED]
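The agent design Chris describes for ssh-agent (a long-lived process that holds the unlocked key and lets other programs use it over a Unix domain socket, instead of each program receiving the passphrase) reduced to a runnable toy. This is an added example and is not code from this thread, from ssh or from gnupg; the secret, the socket path and the line-based request format are constructed for the demo, and an HMAC stands in for the real signing operation. The point it makes is the defender-side one: a client can ask the agent to use the secret, but the agent refuses to hand the secret itself out, so a compromised client process gains the ability to sign while the agent is running but never learns the key.

```python
import hashlib
import hmac
import os
import socket
import tempfile
import threading

# Constructed demo secret: stands in for the decrypted private key that an
# agent keeps in memory after the user has typed the passphrase once.
DEMO_KEY = b"constructed-demo-secret-key"


def local_mac(key: bytes, data: bytes) -> str:
    """Reference computation used to check what the agent returns."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class KeyAgent:
    """Minimal key agent: holds a secret in memory and answers requests on a
    Unix domain socket. Protocol (constructed for this example, one request
    per connection, newline-terminated):
        SIGN <hex-data>  -> OK <hex-mac>     (use the secret)
        EXPORT           -> ERR refused      (reveal the secret: never)
    """

    def __init__(self, key: bytes, sock_dir: str):
        self._key = key
        self._stop = threading.Event()
        # The socket file lives in a directory only the owner can enter and is
        # itself mode 0600, so other local users cannot even connect.
        self.path = os.path.join(sock_dir, "agent.sock")
        self._srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self._srv.bind(self.path)
        os.chmod(self.path, 0o600)
        self._srv.listen(5)
        self._srv.settimeout(0.2)  # lets the serving loop notice close()
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _handle(self, line: bytes) -> bytes:
        parts = line.strip().split(b" ", 1)
        op = parts[0]
        if op == b"SIGN" and len(parts) == 2:
            try:
                data = bytes.fromhex(parts[1].decode("ascii"))
            except ValueError:
                return b"ERR bad hex\n"
            # The secret is used here, inside the agent, and never leaves it.
            return b"OK " + local_mac(self._key, data).encode() + b"\n"
        if op == b"EXPORT":
            return b"ERR refused\n"
        return b"ERR unknown\n"

    def _serve(self) -> None:
        while not self._stop.is_set():
            try:
                conn, _ = self._srv.accept()
            except socket.timeout:
                continue
            except OSError:
                return
            with conn:
                line = conn.makefile("rb").readline()
                if line:
                    conn.sendall(self._handle(line))

    def close(self) -> None:
        self._stop.set()
        self._thread.join()
        self._srv.close()
        os.unlink(self.path)


def agent_request(sock_path: str, request: bytes) -> bytes:
    """Client side: one request, one reply, over the Unix socket."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(sock_path)
        c.sendall(request + b"\n")
        return c.makefile("rb").readline().rstrip(b"\n")


def agent_sign(sock_path: str, data: bytes) -> str:
    reply = agent_request(sock_path, b"SIGN " + data.hex().encode())
    status, _, payload = reply.partition(b" ")
    if status != b"OK":
        raise RuntimeError(payload.decode())
    return payload.decode()


def demo() -> tuple:
    """Start an agent, sign through it, then try to extract the key."""
    with tempfile.TemporaryDirectory() as d:  # created with mode 0700
        agent = KeyAgent(DEMO_KEY, d)
        try:
            sig = agent_sign(agent.path, b"hello")
            export = agent_request(agent.path, b"EXPORT")
            return sig, export
        finally:
            agent.close()


if __name__ == "__main__":
    signature, export_reply = demo()
    print("signature:", signature)
    print("export attempt:", export_reply.decode())
```

The socket permissions are the only access control here, which is exactly the weakness Chris has in mind: anything running as the same user can connect and ask the agent to sign for as long as it is alive. A real agent narrows that window by locking or forgetting keys after a timeout or on demand.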