On Fri, 31 Oct 2014 06:51, [email protected] said: > It prints the GPG passphrase in plain text. Is the password cached in plain > text?
Catch-22. How would you protect the key used to decrypt the cache? Actually the content of the passphrase cache is stored encrypted in RAM but the key for that is stored in RAM too: /* The encryption context. This is the only place where the encryption key for all cached entries is available. It would be nice to keep this (or just the key) in some hardware device, for example a TPM. Libgcrypt could be extended to provide such a service. With the current scheme it is easy to retrieve the cached entries if access to Libgcrypt's memory is available. The encryption merely avoids grepping for clear texts in the memory. Nevertheless the encryption provides the necessary infrastructure to make it more secure. */ Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
