On Sun, 28 Jun 2020 16:24, Robert J. Hansen said:

> GnuPG sees the symmetrically encrypted message and knows it needs to
> recover/derive a key.  It calls gpg-agent, which in turn calls pinentry.

In addition, gpg-agent also takes care of caching passphrases, which makes
even symmetric encryption more convenient.  It is also used to
figure out a suitable number of hash iterations to make new symmetric
passphrase encryption stronger - this can't be done by a plain command
line tool.

In theory it is possible to pass a set of options to avoid the use of
gpg-agent for plain symmetric encryption, but as soon as any pubkey key
is used as an alternative to the symmetric encryption the agent is
required to check whether a private key exists.  From engineering and
security POVs it does not make sense to special-case very rare use
cases.


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
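
Added illustration, not part of the original message and not GnuPG's own code: a sketch of why choosing the hash iteration count needs a timing measurement on the local machine. It implements the RFC 4880 iterated and salted S2K with SHA-256 and searches for the smallest coded count that reaches a target duration; the function names, the 100 ms target and the calibration inputs are assumptions made for this example.

```python
import hashlib
import time

def decode_count(coded: int) -> int:
    """RFC 4880 3.7.1.3: expand the one-octet coded count into an octet count."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)

def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded: int,
                        keylen: int = 32) -> bytes:
    """Iterated and salted S2K with SHA-256, for keys up to one digest long."""
    if len(salt) != 8 or not 0 <= coded <= 255 or not 0 < keylen <= 32:
        raise ValueError("need 8-byte salt, coded count 0..255, keylen 1..32")
    data = salt + passphrase
    # The count is the number of octets hashed; salt+passphrase is always
    # hashed at least once in full, even if it is longer than the count.
    count = max(decode_count(coded), len(data))
    # Feed the repeating salt+passphrase stream in chunks of roughly 64 KiB.
    block = data * max(1, 65536 // len(data))
    whole, tail = divmod(count, len(block))
    h = hashlib.sha256()
    for _ in range(whole):
        h.update(block)
    h.update(block[:tail])
    return h.digest()[:keylen]

def calibrate(target_seconds: float = 0.1) -> int:
    """Smallest coded count whose derivation takes >= target_seconds here."""
    salt, passphrase = b"\x00" * 8, b"calibration"  # constructed inputs
    for coded in range(256):
        start = time.perf_counter()
        s2k_iterated_salted(passphrase, salt, coded)
        if time.perf_counter() - start >= target_seconds:
            return coded
    return 255  # machine is faster than the format's maximum count

if __name__ == "__main__":
    coded = calibrate()
    print(f"coded count {coded} -> {decode_count(coded)} octets hashed")
```

The result differs from machine to machine, which is the point: a fixed count that is slow on one host is cheap to brute-force on another.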
