gpg-encrypt

Add --no-symkey-cache?

Open otto-dev opened this issue 6 years ago • 2 comments

From the docs

--symmetric [...] gpg caches the passphrase used for symmetric encryption so that a decrypt operation may not require that the user needs to enter the passphrase. The option --no-symkey-cache can be used to disable this feature.

Is it just me, or is that a rather ridiculous default? Meaning, that by default anyone with access to the shell can decrypt the file without knowing the passphrase while the password is still in cache from the encryption process.

Can be "fixed" by adding --no-symkey-cache

otto-dev, Oct 30 '19 05:10

Indeed, I've opened a PR

Slamdunk, Dec 30 '20 08:12

Is this a joke? Caching passphrases by default in security software? This default behavior should be removed immediately.

deepsynergy, Oct 01 '22 13:10
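
A small audit helper for the fix suggested in this thread, added here as an example (not code from gpg-encrypt or from any commenter): it lists the lines of a shell script that call `gpg --symmetric` or `gpg -c` without `--no-symkey-cache`. The function names and the sample script are constructed for illustration.

```shell
#!/bin/sh
# Added example: report symmetric gpg invocations that leave the
# passphrase cache enabled. Reads script text on stdin.
# Assumptions of this sketch: one command per line, no line
# continuations, long options written in full (gpg also accepts
# unambiguous abbreviations), and no other tool's -c flag on the
# same line as gpg (that would be reported as a false positive).

find_cached_symmetric() {
    # Prints "LINENO:LINE" per finding; exit status 0 if anything was found.
    grep -nE '(^|[^[:alnum:]_-])gpg2?[[:space:]]' |
    grep -vE '^[0-9]+:[[:space:]]*#' |
    grep -E '[[:space:]](--symmetric|-[[:alpha:]]*c[[:alpha:]]*)([[:space:]]|$)' |
    grep -vE '[[:space:]]--no-symkey-cache([[:space:]]|$)'
}

# Constructed sample input (not taken from any real project).
sample_script() {
cat <<'EOF'
#!/bin/sh
# gpg -c is used below
gpg --symmetric --cipher-algo AES256 backup.tar
gpg2 -c notes.txt
gpg --no-symkey-cache --symmetric secrets.env
gpg --batch --no-symkey-cache -ac -o out.asc report.pdf
gpg --encrypt -r alice@example.org letter.txt
EOF
}

# Stand-alone run: lists lines 3 and 4 of the sample.
sample_script | find_cached_symmetric
```

Feed it a real script with `find_cached_symmetric < path/to/script.sh`; a non-zero exit status means no uncached-flag findings.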