Implications of a common private keys directory in 2.1

Peter Lebbing peter at digitalbrains.com
Mon Dec 19 20:40:02 CET 2016


On 19/12/16 20:05, Stephan Beck wrote:
> So, yes, and sorry for my hesitation, the only way (I see) is to
> invalidate the passphrase cache removing all its entries and manually
> presetting the one keygrip/key to use on the command line.

Why don't you just disable passphrase caching if that is the only
problem? (max-cache-ttl 0, I think that works, didn't check).

I think one of the underlying problems is that Carola wants to prevent
keys from being used even though the correct passphrase is presented.

Come to think of it, if you include the keygrip in the passphrase, the
passphrase would ever only match the one key. Heh. The same would work
if you include the proxy user name, if that is the level of division you
want. Pretty obvious once you think of it.

Still, it seems like a small part of the overall puzzle presented by Carola.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



More information about the Gnupg-users mailing list