preventing gpg-agent from storing a symmetric encryption key
Ken Kundert
admin at shalmirane.com
Mon Jan 5 10:51:55 CET 2015
Hi Doug.
I am aware of the ability to set inactivity timeouts and to clear the entire
agent. And I still believe I can use this feature.
What I have noticed about myself is that I will walk away from my keyboard
without locking the screen. I just forget to do it. I have been trying to change
this behavior for the last few years, and yet I still do it. Now, the screen
locks itself after 10 to 15 minutes, so that is my window of vulnerability.
Unless I set the gpg-agent inactivity time-out to no more than a minute or two,
it is not going to help this situation much. However, I cannot bear to set the
time-out that short because it would effectively be like turning off the agent
altogether. That is problematic for me because I use long passphrases.
So my thought is to double encrypt my secrets, once with my private key that is
protected with a long XKCD style passphrase and once with a symmetric cipher
with a relatively short password, and keep the passphrase in gpg-agent but not
the password. Use of the private key with the long passphrase protects me in
case someone steals both the private key and the ciphertext and mounts an
automated attack. The short passwords are there to protect me if someone sits
down at my keyboard while I am at lunch. Here the chance of an automated attack
is much lower, and so a short, easy-to-type password should be sufficient in most
cases.
Anyway, that is what I would like to do. I think I can do it with the original
GPG, but I was hoping to use GPG2.
As an aside, after switching to longer XKCD-style passphrases a few years ago
I came to realize that most security programs inadvertently discourage the use
of long passphrases. Probably 99% of the time that I type a passphrase I am
alone, so obscuring the passphrase provides little value. But the longer the
passphrase you have, the more chance you are going to have a typo, and with the
passphrase obscured you cannot see it or correct it. Thus in my experience,
obscuring the passphrase largely limits me to using about 4 words; anything
longer than that and I find myself in seemingly endless passphrase entry loops.
Pinentry suffers from this problem. I would like to suggest that a button be
added to pinentry that un-obscures the passphrase.
So those are my two suggestions:
1. reactivate the --no-use-agent command line option in gpg2
2. add an 'unobscure passphrase' button to pinentry.
I love gpg, and I use it heavily. Thank you to all that contribute to it.
-Ken
On Mon, Jan 05, 2015 at 12:08:35AM -0800, Doug Barton wrote:
> FYI, what you want to do doesn't make sense. :)
>
> You should read the man page, and learn about inactivity timeouts for
> gpg-agent. Also, you can wipe the agent altogether quite easily.
>
> Your concern about people gaining access to the console is well founded, but
> there are better solutions already available to you.
>
> Doug
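The layering Ken describes, written out as an added example that is not part of the thread or of GnuPG's own documentation. It assumes a modern GnuPG (2.2 or later), whose `--no-symkey-cache` option keeps the symmetric passphrase out of gpg-agent's cache while the private key's passphrase remains cacheable; the key name `demo@example.invalid`, the throwaway homedir and the passphrases are constructed for the demo.

```shell
#!/bin/sh
# Added example: public-key encryption wrapped in a symmetric layer whose
# passphrase gpg is told not to hand to the agent cache.
# Assumes GnuPG 2.2+ (for --no-symkey-cache). Everything runs in a throwaway
# GNUPGHOME so the real keyring and agent state are never touched.
set -eu

GNUPGHOME=$(mktemp -d)
export GNUPGHOME
chmod 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT

# Throwaway key pair with an empty passphrase (constructed for this demo;
# a real key would carry the long passphrase the poster keeps in the agent).
gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
    --quick-gen-key 'demo@example.invalid' default default never

# layered_encrypt RECIPIENT SHORT_PASSWORD  < plaintext > ciphertext
# Inner layer: encrypt to the recipient's public key.
# Outer layer: symmetric cipher; --no-symkey-cache stops gpg from caching
# the short password in gpg-agent, which is the behaviour Ken wants to avoid.
# (--passphrase is used here only so the demo runs unattended.)
layered_encrypt() {
    gpg --batch --quiet --encrypt --recipient "$1" \
    | gpg --batch --quiet --symmetric --no-symkey-cache \
          --pinentry-mode loopback --passphrase "$2"
}

# layered_decrypt SHORT_PASSWORD  < ciphertext > plaintext
# Peel the symmetric layer (again uncached), then the public-key layer,
# which is where the agent-cached private-key passphrase would be used.
layered_decrypt() {
    gpg --batch --quiet --decrypt --no-symkey-cache \
        --pinentry-mode loopback --passphrase "$1" \
    | gpg --batch --quiet --decrypt
}

# Round-trip a constructed secret; succeeds (exit 0) only if the plaintext
# survives both layers unchanged.
round_trip() {
    secret='constructed secret: the vault combination is 12-34-56'
    out=$(printf '%s' "$secret" \
          | layered_encrypt 'demo@example.invalid' 'lunch' \
          | layered_decrypt 'lunch')
    [ "$out" = "$secret" ]
}
```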