From gnupg-users Wed Mar 07 20:31:11 2012
From: Ingo Klöcker
Date: Wed, 07 Mar 2012 20:31:11 +0000
To: gnupg-users
Subject: Re: invalid gpg key revocation
Message-Id: <201203072131.16722 () thufir ! ingo-kloecker ! de>
X-MARC-Message: https://marc.info/?l=gnupg-users&m=133115260306664

On Tuesday 06 March 2012, Daniel Kahn Gillmor wrote:
> On 03/05/2012 04:36 PM, Ingo Klöcker wrote:
> > 4. He has left his laptop unlocked and unattended for a very short
> > period of time and he is using gpg-agent with a cache-ttl > 0.
> >
> > I have verified that one can generate a revocation certificate
> > without entering a passphrase if one has previously signed
> > something (e.g. an email). So, it was probably just a very nasty
> > prank.
>
> as pranks involving compromise of the secret key go, this is the
> least-nasty prank i can think of.
>
> > Maybe gpg shouldn't use the cached signing passphrase (or any
> > cached passphrase) for generating a revocation certificate.
>
> But it's ok to use the cached signing passphrase for making bogus
> identity certifications?
>
> For signing ersatz love letters?
>
> What's to stop the malefactor from just querying the passphrase
> directly out of gpg-agent and absconding with both it and the secret
> key material to do whatever they want later?
>
> I don't think making the proposed limitation is a helpful one.

Hmm. I guess you are right. Just a minor remark: To my knowledge it is
not possible to get the passphrase out of gpg-agent. The whole point of
gpg-agent is that it encapsulates all operations involving the secret
key and the passphrase in order to minimize the risk of leaks of this
information (see http://www.gnupg.org/aegypten/tech.en.html).

Regards,
Ingo
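
The scenario in this message depends on gpg-agent running with a cache TTL greater than zero. As an added example (not part of the message and not GnuPG code), the following Python reads the text of a gpg-agent.conf and reports how long a cached passphrase stays usable without a prompt. The function names and the sample configuration are hypothetical, and the defaults are assumed to be the documented gpg-agent 2.x values.

```python
# Added example (not from the thread): report how long gpg-agent keeps a
# passphrase usable without a prompt, given the text of gpg-agent.conf.
# Assumption: documented gpg-agent 2.x defaults apply when an option is
# absent (default-cache-ttl 600 s, max-cache-ttl 7200 s).
DEFAULTS = {"default-cache-ttl": 600, "max-cache-ttl": 7200}


def parse_agent_conf(text):
    """Return (ttls, flags); a later line overrides an earlier one."""
    ttls, flags = dict(DEFAULTS), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        name = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        if name in ttls:
            if not value.isdigit():
                raise ValueError(f"{name}: expected seconds, got {value!r}")
            ttls[name] = int(value)
        else:
            flags.add(name)
    return ttls, flags


def audit(text):
    """Summarise the unattended-use window the configuration allows."""
    ttls, flags = parse_agent_conf(text)
    idle, hard = ttls["default-cache-ttl"], ttls["max-cache-ttl"]
    caching = idle > 0 and hard > 0
    return {
        # Seconds after the last use during which no prompt appears.
        "idle_window": min(idle, hard) if caching else 0,
        # Each use resets the idle timer, but never past this limit.
        "hard_limit": hard if caching else 0,
        # ignore-cache-for-signing makes the agent prompt for every
        # signing operation; decryption still uses the cache.
        "signing_uses_cache": caching
        and "ignore-cache-for-signing" not in flags,
    }


# Constructed sample configuration, not taken from the thread.
SAMPLE = "# five minutes idle, thirty at most\ndefault-cache-ttl 300\nmax-cache-ttl 1800\n"

if __name__ == "__main__":
    print(audit(SAMPLE))
```
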