> From: Werner Koch [mailto:w...@gnupg.org]
>
> On Wed, 2 Aug 2017 15:52, roman.fied...@ait.ac.at said:
>
> > How to decrypt large files, e.g. gpg-encrypted backups, without
> > copying them to the machine with the GPG private key?
>
> With GnuPG 2.1 this is easy: You use ssh's socket forwarding feature to
> forward gpg-agent's restricted remote socket, for example
>
>   /run/user/1000/gnupg/S.gpg-agent.extra
>
> to the host and there you run gpg which will then connect back to the
> agent on your desktop. For details see
>
>   https://wiki.gnupg.org/AgentForwarding

Ah, that's great - and actually the first nice gpg-agent feature apart from gpg-agent being a little annoying when running it on RAM-disks in early boot.

The agent forwarding guide from above is fine, should be easy to implement.

Just one more question: how do I restrict the private key lifetime within the agent or the number of agent requests before password repeat is needed? Best would be 0 seconds (agent should ask for passphrase every time a key is requested), but I could also live with something below 60 sec.

What's the best way to implement that? I did not find a gpg option by myself. If none is available, I guess it might be possible to find some value for RLIMIT_CPU, that would kill the agent process when attempting to do another sign/decrypt operation?

Kind regards,
R

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users