On Wed, 22 Nov 2006, Werner Koch wrote:
first question is whether the passphrase is kept in locked memory (assuming the OS supports it), i.e., the passphrase is never sent to disk or swap. Is this correct?
Right. The passphrase (in all cases: when asking for the passphrase, or when gpg-agent requires it internally) is never stored on disk but kept in a special memory area of gpg-agent ("secure memory"). That memory area is protected from swapping out to disk.
Great.
However we rely on the OS's kernel not to reveal the content of a pipe. Pipes are used to convey the passphrase from the pinentry to
I suppose Linux does the right thing wrt this issue. Correct?
The cache is only in RAM. It is not encrypted there because you would anyway need to store the decryption key somewhere else in RAM.
And the cache is also in secure memory, just like the passphrases. Right?
Thanks a lot.
Jorge
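Added illustration, not part of the thread and not GnuPG's own code: the OS-level mechanism behind memory that is "protected from swapping out to disk" on Linux/POSIX is mlock() on page-aligned memory, paired with a wipe before release. The `secbuf` type and helper names are hypothetical; `vmlck_kb()` assumes a Linux `/proc` and lets you confirm the pages are really locked.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type: a page-aligned region meant to hold a secret. */
struct secbuf {
    unsigned char *ptr;
    size_t len;
    int locked;              /* 1 if mlock() succeeded, 0 if the OS refused */
};

/* Allocate whole pages and ask the kernel to keep them out of swap. */
int secbuf_alloc(struct secbuf *b, size_t want) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || want == 0) return -1;
    b->len = (want + (size_t)page - 1) / (size_t)page * (size_t)page;
    b->ptr = aligned_alloc((size_t)page, b->len);
    if (!b->ptr) return -1;
    /* mlock() can fail (RLIMIT_MEMLOCK, privilege); the caller must check. */
    b->locked = (mlock(b->ptr, b->len) == 0);
    return 0;
}

/* Zero through a volatile pointer so the stores are not optimised away. */
void secbuf_wipe(struct secbuf *b) {
    volatile unsigned char *p = b->ptr;
    for (size_t i = 0; i < b->len; i++) p[i] = 0;
}

/* Wipe, unlock and release, so the secret does not outlive the buffer. */
void secbuf_free(struct secbuf *b) {
    if (!b->ptr) return;
    secbuf_wipe(b);
    if (b->locked) munlock(b->ptr, b->len);
    free(b->ptr);
    b->ptr = NULL; b->len = 0; b->locked = 0;
}

/* Locked memory in kB as Linux reports it for this process; -1 if unknown. */
long vmlck_kb(void) {
    FILE *f = fopen("/proc/self/status", "r");
    char line[256]; long kb = -1;
    if (!f) return -1;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "VmLck: %ld kB", &kb) == 1) break;
    fclose(f);
    return kb;
}
```

If `locked` comes back 0, the buffer is ordinary swappable memory; a caller holding a passphrase should treat that as a failure or at least log it.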
