pipe passphrase to unlock key

Werner Koch wk at gnupg.org
Tue Jul 31 20:54:44 CEST 2012


On Tue, 31 Jul 2012 17:53, ciprian.craciun at gmail.com said:

>     First of all I would really have liked the tool to not just ignore
> the `--no-user-agent` flag and bail out...

That would make migration for users of 2.0 to 2.1 too complicated.  We try
to do the migration as smoothly as possible.

> thus what is the purpose of the agent anymore? (Except handling cards
> which isn't the case in most instances...)

The agent does not handle cards.  It just acts as a proxy for scdaemon.
What the agent does is to perform all operations involving the private
key (e.g. signing and decryption of the session key).  GPGSM has worked
this way for 10 years now; 2.1 completes it and moves the private key
operations for OpenPGP also to the agent.

>     * each invocation of `gpg2` will start its own, but not as a
> child, but by making it double fork in the background;

That was the default in 2.0 on Unix.  2.1 will start the agent only once
and keep it around.  The Windows version of 2.0 has done this for a few
years now.

>     * but unfortunately the tool won't be able to export that
> environment variables to its parent...

No problem anymore.  We need an envvar only for the ssh support and that
is a fixed value.

>     * and also after the invocation the agent would just remain there;

Right.

> not restart another agent, but still we have at least one agent
> running, and for no purpose as there is no password to enter...

The agent is not for the passphrase.  The passphrase handling code is
only a minor function block.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.



