Date: Mon, 18 Dec 2017 15:04:14 -0700
From: Leonid Isaev <>
Subject: Re: Recommendations GnuPG-2 replacement

On Mon, Dec 18, 2017 at 08:21:56PM +0000, halfdog wrote:
> The point in starting this thread was, that GnuPG does NOT conveniently
> cover use cases for headless or scripting operation. Thus it seems
> that the time has come to look for replacement, as GnuPG is moving
> more in the "desktop" direction, as also your comments indicate.

You are talking about policies here, not technical issues. GnuPG is perfectly
scriptable, see the pacman-key(1) tool in Arch Linux. Moreover, gpg-agent is easily
usable on a headless machine. At least, I mostly use it this way when checking
email... You will lose nothing if you just pkill(1) gpg-agent though. So I
don't understand why you claim that gpg is moving towards desktop.

> That's really a strange argument. You fear PTRACING for key extraction
> of a short-lived, per-key instance of gpg1 process and solve that
> by putting all the key material into a single long-lived gpg-agent
> process, not even providing convenient commands to flush the keys
> from there?

pkill -hup gpg-agent. Please read the manpages.

Leonid Isaev
