On Fri, 23 Feb 2024 22:59, Marcin Wrochna said:

> However, I cannot make `gpg --symmetric` encryption work on the remote,
> as it tells me getting a passphrase is "Forbidden".

Right.  It does not sound like a good idea to give the server access to
your local password store (in gpg-agent).  This way the server might get
access to any password stored in the cache.

You need to look at the code in gnupg/agent/commands.c - search for the
function cmd_get_passphrase.  The first statement there is

  if (ctrl->restricted)
    return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));

The function (test with gpg-connect-agent and "help get_passphrase") has
an option --no-ask which only returns a value from the cache or errors
out.  What we might do is another option (e.g. --only-query) to only pop
up the pinentry and return the value.  Maybe this can be the default for
a restricted connection.


Salam-Shalom,

   Werner

--
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users