
gpg-agent should have prompt-for-use mechanism
Open, Normal, Public

Description

gpg-agent now supports/facilitates forwarding of the agent socket over the
network. This introduces a possibility of a remote attacker getting to
arbitrarily misuse the secret keys stored in the agent.

It would be useful to have a mode where the agent knows the unlocked secret key,
but prompts the user to confirm the use of the key when it receives a request.

I assume that pinentry (or something like it) would be used for the prompting,
but I would hope that it wouldn't require full passphrase entry; loading the key
into the agent should require the passphrase, but each use in this scenario
should only require dealing with a dialog like:

"Permit use of key X?
[OK] [Cancel]"

Event Timeline

We already have that "confirm" flag for ssh and thus adding code to use it for
the extra-socket feature should be easy. The open question is how to disable
this feature on a per-key basis. A ~/.gnupg/confirmcontrol or similar file could
be used to record those keys which do not need confirmation or, if persistence is
not required, a checkbox in pinentry could be used to show the confirmation
dialog only once per session.
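
For reference, the existing ssh "confirm" flag mentioned above lives in gpg-agent's `sshcontrol` file. The following is an added example, not code from this thread or from GnuPG: a small audit that lists enabled ssh keys which would be used without a confirmation prompt. It assumes the documented line layout (keygrip, optional TTL, optional flags, a leading `!` disabling the entry); the keygrips and function names are constructed placeholders.

```python
"""Audit a gpg-agent sshcontrol file for keys lacking the 'confirm' flag."""
import re

# Constructed sample input; the keygrips are made-up 40-hex-digit placeholders.
SAMPLE_SSHCONTROL = """\
# Key added on: 2011-07-20 20:38:46
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 0 confirm
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB 600
!CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC 0
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
"""

KEYGRIP = re.compile(r"^[0-9A-Fa-f]{40}$")


def parse_sshcontrol(text):
    """Return one dict per key line: keygrip, enabled, ttl, confirm."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        enabled = not line.startswith("!")  # '!' marks a disabled entry
        fields = line.lstrip("!").split()
        if not fields or not KEYGRIP.match(fields[0]):
            continue  # not a key line; skip rather than guess
        ttl, flags = None, []
        for field in fields[1:]:
            if field.isdigit() and ttl is None and not flags:
                ttl = int(field)  # optional cache TTL in seconds
            else:
                flags.append(field.lower())
        entries.append({"keygrip": fields[0].upper(), "enabled": enabled,
                        "ttl": ttl, "confirm": "confirm" in flags})
    return entries


def keys_without_confirm(text):
    """Keygrips of enabled entries that are usable without a prompt."""
    return [e["keygrip"] for e in parse_sshcontrol(text)
            if e["enabled"] and not e["confirm"]]


if __name__ == "__main__":
    for grip in keys_without_confirm(SAMPLE_SSHCONTROL):
        print("no confirm prompt:", grip)
```

The `~/.gnupg/confirmcontrol` file proposed in the comment is only a suggestion there, so no format for it is assumed here.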