On 2000-03-30 12:06:42 +0100, Edmund GRIMLEY EVANS wrote:
> I was thinking of something simpler: mutt spawns a suid
> program called muttpgphelper, say, and gives the
> passphrase to this program. When mutt wants to invoke
> gnupg it sends a request down a pipe to muttpgphelper
> which then invokes gnupg and gives the passphrase to
> gnupg down another pipe.
I think a more interesting variant may be some kind of
passphrase-agent which is directly contacted by gnupg, pgp
& friends through some Unix domain socket. I have even
some code from a year or two ago.... However, this has
two downsides:
(1) mutt still has to temporarily store the pass phrase or
parts thereof in insecure memory
(2) same with most versions of PGP - remember, most don't
run setuid root.
(3) this approach requires modifications to all PGP
back-ends used.
Frankly, I really don't believe one should expect highest
security from low-security devices. If you really care,
don't use a pass phrase, and software crypto, but use a
smart card with biometric user authentication for all the
public-key crypto.
--
http://www.guug.de/~roessler/
