[Users] Unlocking GnuPG
mir at miras.org
Mon Feb 6 08:26:47 CET 2017
Maybe your password is stored in the gnome session?
On February 6, 2017 8:08:17 AM GMT+01:00, Johan Vromans <jvromans at squirrel.nl> wrote:
>On Sun, 5 Feb 2017 22:21:10 +0100, Johan Vromans <jvromans at squirrel.nl>
>> I assume it's my fault, but...
>In any case, it's not claws.
>> When I run gpg in a terminal window, it says that gpg-agent is not
>> available and asks for the passphrase. Good.
>Actually, there *is* a gpg-agent, and it is found by gpg2.
>I assume the claws plugin also uses gpg2, either directly or
>> When I use claws to send a (GnuPG) signed e-mail, it does so without
>> asking for the gpg passphrase. I don't recall I ever instructed claws
>> permanently store this passphrase.
>Running gpg-agent with debugging reveals that it is contacted
>Then it invokes pinentry to ask for the passphrase. Much to my
>pinentry returns the desired information without popping up a dialog.
>apparently it is cached by pinentry, or Gnome, or whatever.
>Still scary, especially since I haven't found a way to stop this (IMHO
>Users mailing list
>Users at lists.claws-mail.org
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
This mail was virus scanned and spam checked before delivery.
This mail is also DKIM signed. See header dkim-signature.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users