
One particularly nice feature of the new version: gpg-agent no longer just stores the passphrase and hands it out to gnupg. Instead, gpg-agent actually holds the private keys and does crypto operations with them, and never lets any other process have the private keys or the passphrase (other than the pinentry program that prompts for the passphrase).

See https://gnupg.org/faq/whats-new-in-2.1.html#nosecring



Does that kinda imply that gpg-agent would be usable as a building block for programmable access to gpg, i.e. next-gen gpgme?


Yes, exactly; with 2.1 out, I expect future versions to start moving towards a usable "libgpg".


I suppose that doesn't apply to using smartcards, as the private key never leaves the card anyway.


Presumably this makes the API uniform: Ask gpg-agent for sign/encrypt -- and the agent can delegate to smart card, or do everything itself?



