Hibernation and secret keys
David Shaw
dshaw at jabberwocky.com
Tue Jun 23 16:55:31 CEST 2009
On Jun 23, 2009, at 7:28 AM, Werner Koch wrote:
> On Sun, 21 Jun 2009 00:10, t.eden at yahoo.com said:
>
>> So, here is the question: Is it possible to secure gpg (or PGP or
>> TrueCrypt for that matter) on a Windows system?
>
> If you have the ability to run a program if hibernation kicks in, you
> may want to run:
>
> gpgconf --reload gpg-agent
>
> That deletes the passphrase cache. I assume that you are using a recent
> version of gnupg2.
If possible, I'd also add a pause for running gpg processes to exit to
cover a small race condition. Even if the passphrase cache is wiped,
if there is a running gpg process at suspend time, secret material
could still be caught in the hibernation data. GPG does wipe its
memory for things like session keys (to the limit that such things can
be done in software), but the process has to complete for the wipe to
happen.
David
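The two steps discussed above (drop the agent's passphrase cache, then give running gpg processes time to exit so they can wipe their own memory before the RAM image is written) as a pre-hibernate hook. This is an added example, not code from the thread or from the GnuPG project. It assumes a Unix-like host with a pre-sleep hook mechanism (for instance a script under /usr/lib/systemd/system-sleep/, which is called with "pre" or "post" as its first argument); the original question concerned Windows, where the same two steps apply but the hook plumbing differs. The process names (gpg, gpg2) and the 10-second grace period are assumptions, and because gpg-agent is per-user, the reload has to run in the session that owns the agent rather than as a bare root hook.

```shell
#!/bin/sh
# Pre-hibernate hook (example, not part of GnuPG): flush gpg-agent's passphrase
# cache, then wait for any gpg processes to finish so their in-memory secrets
# are wiped before the hibernation image is written.  Hook path, process names
# and the grace period below are assumptions for this illustration.

GPG_GRACE_SECONDS=10          # how long to wait for running gpg processes (assumed)

# Print the PIDs of processes whose command name is exactly $1.
# Scans /proc directly on Linux so no extra tools are needed; falls back to pgrep.
list_pids() {
    name=$1
    if [ -d /proc/self ]; then
        for f in /proc/[0-9]*/comm; do
            [ -r "$f" ] || continue
            read -r comm 2>/dev/null < "$f" || continue   # process may have exited
            if [ "$comm" = "$name" ]; then
                pid=${f#/proc/}
                echo "${pid%/comm}"
            fi
        done
    else
        pgrep -x "$name" 2>/dev/null
    fi
}

# wait_for_exit TIMEOUT NAME... : poll once a second until no process named
# NAME is left, or TIMEOUT seconds have passed.  Returns 0 if all exited, 1 on
# timeout (the caller can then decide whether to abort the hibernation).
wait_for_exit() {
    timeout=$1; shift
    waited=0
    while :; do
        busy=""
        for n in "$@"; do
            if [ -n "$(list_pids "$n")" ]; then busy=$n; break; fi
        done
        [ -z "$busy" ] && return 0
        if [ "$waited" -ge "$timeout" ]; then
            echo "pre-hibernate: '$busy' still running after ${timeout}s" >&2
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
}

# The two steps from the thread, in order.
pre_hibernate() {
    # 1. Drop cached passphrases.  Must run in the session that owns the agent.
    if command -v gpgconf >/dev/null 2>&1; then
        gpgconf --reload gpg-agent || echo "pre-hibernate: gpgconf --reload failed" >&2
    fi
    # 2. Close the race: a gpg process that is still running at suspend time has
    #    not yet wiped its session keys, so give it a chance to complete.
    wait_for_exit "$GPG_GRACE_SECONDS" gpg gpg2
}

# systemd-sleep style dispatch (assumed): $1 is "pre" or "post", $2 the action.
case "$1" in
    pre) pre_hibernate ;;
esac
```

wait_for_exit deliberately reports a timeout rather than killing the process: a gpg run that is forcibly killed never reaches its own memory wipe, which is the very thing the wait is trying to protect.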