oss-sec mailing list archives

Re: Recommendations GnuPG-2 replacement

From: Leonid Isaev <leonid.isaev () jila colorado edu>
Date: Mon, 18 Dec 2017 15:04:14 -0700

On Mon, Dec 18, 2017 at 08:21:56PM +0000, halfdog wrote:
> The point in starting this thread was that GnuPG does NOT conveniently
> cover use cases for headless or scripting operation. Thus it seems
> that the time has come to look for replacement, as GnuPG is moving
> more in the "desktop" direction, as also your comments indicate.

You are talking about policies here, not technical issues. GnuPG is perfectly
scriptable, see the pacman-key(1) tool in Arch Linux. Moreover, gpg-agent is easily
usable on a headless machine. At least, I mostly use it this way when checking
email... You will lose nothing if you just pkill(1) gpg-agent though. So I
don't understand why you claim that gpg is moving towards desktop.

> That's really a strange argument. You fear PTRACING for key extraction
> of a short-lived, per-key instance of gpg1 process and solve that
> by putting all the key material into a single long-lived gpg-agent
> process, not even providing convenient commands to flush the keys
> from there?

pkill -hup gpg-agent. Please read the manpages.

Leonid Isaev
