On Wed, 11 Dec 2019 11:07:48 -0500 Stefan Monnier <monn...@iro.umontreal.ca> wrote:
> > I use full disk encryption (cryptsetup / LUKS), so the password file
> > is secure at rest, and when I'm actually using the system, if
> > gpg-agent is used, then anyone with access to the machine can access
> > the password file anyway.
>
> That assumes a single-user situation. But in case someone manages to
> run code on your machine as some user other than yourself and root, then
> they will have access to most of your files, but not to your gpg-agent
> (and hence not to your gpg-encrypted files).

Can't this just be avoided by chmoding sensitive files to 600 (which
things like ssh recommend / require anyway)?

> Also, gpg-agent voluntarily forgets the passwords after some timeout, so
> even if someone gets access to your machine as your user or as root,
> they may still be unable to decrypt your gpg files if enough time has
> passed and gpg-agent has forgotten your password.

Yes, I acknowledged this point in my original email:

> machine can access the password file anyway. I guess one gets some
> additional security in the case where one walks away from
> the machine and leaves it running (and an attacker doesn't get there
> before gpg-agent evicts the password from the cache), and similar cases.

Celejar
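The two mitigations discussed in the message above (keeping sensitive files at mode 600 so another local user cannot read them, and bounding how long gpg-agent keeps a passphrase cached) can both be checked from a shell. The script below is an added example and is not code from the thread or from gpg/pass; the directory layout, the constructed sample files and the TTL values (60 s default, 300 s maximum) are assumptions for illustration. It audits a directory for files or directories that are readable or writable by group or others, fixes them to 0600/0700, and rewrites the `default-cache-ttl` / `max-cache-ttl` lines of a gpg-agent.conf idempotently.

```shell
#!/bin/sh
# Added example (not from the thread). Two checks for a password-store-style
# setup: (1) find entries under a directory whose group/other permission bits
# are not all cleared, and fix them; (2) set the gpg-agent cache TTLs that bound
# how long a cached passphrase outlives the user walking away from the machine.
# Paths and TTL values are assumptions chosen for illustration.

# Print every regular file or directory under $1 that group or others can
# read, write or execute. Uses columns 5-10 of `ls -ld` (the group and other
# rwx fields) so it behaves the same with GNU and BSD ls.
insecure_files() {
    dir=$1
    find "$dir" \( -type f -o -type d \) | while IFS= read -r path; do
        perms=$(ls -ld "$path" | cut -c5-10)
        [ "$perms" = "------" ] || printf '%s\n' "$path"
    done
}

# Number of insecure entries under $1 (handy for scripts and tests).
insecure_count() {
    insecure_files "$1" | wc -l | tr -d ' '
}

# Restrict everything under $1 to the owner: 0700 directories, 0600 files.
fix_perms() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# Rewrite the cache-TTL settings in a gpg-agent.conf ($1): drop any existing
# default-cache-ttl / max-cache-ttl lines, keep everything else, and append the
# new values in seconds ($2 = default-cache-ttl, $3 = max-cache-ttl).
# The real file is ~/.gnupg/gpg-agent.conf; after editing it, run
# `gpgconf --reload gpg-agent` so the running agent picks up the new limits.
set_cache_ttl() {
    conf=$1 ttl=$2 max=$3
    tmp="$conf.tmp"
    { [ -f "$conf" ] && grep -v -E '^(default-cache-ttl|max-cache-ttl)([[:space:]]|$)' "$conf"; } > "$tmp" || true
    printf 'default-cache-ttl %s\nmax-cache-ttl %s\n' "$ttl" "$max" >> "$tmp"
    mv "$tmp" "$conf"
}

# Print the value of setting $2 in conf file $1 (empty if it is not set).
cache_ttl_value() {
    grep -E "^$2 " "$1" | awk '{print $2}'
}
```

Typical use would be `insecure_files ~/.password-store` to see what another local account could read, `fix_perms ~/.password-store` to close it, and `set_cache_ttl ~/.gnupg/gpg-agent.conf 60 300` followed by `gpgconf --reload gpg-agent`. Note that `max-cache-ttl` is a hard cap: it evicts the passphrase even if it keeps being used, whereas `default-cache-ttl` is an idle timeout that each use resets.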