securedrop-workstation icon indicating copy to clipboard operation
securedrop-workstation copied to clipboard
verified publisher icon freedomofpress

Split-GPG: consider making GPG keys access never expire

Open deeplow opened this issue 1 year ago • 2 comments

The following prompt appears when sd-app is first start:

gpg_key

If the user clicks No this could lead for an unusable workstation (at least until sd-app restart) and I think it doesn't add anything from the security perspective since the user is always expected to say Yes.

This was set to 8 hours in 2018 and has stayed like that since then, my suggestion would be to reconsider if this choice still makes sense from the UX and security perspectives.

deeplow avatar Mar 12 '24 09:03 deeplow

I'll be making a PR for this so this never pops up again for users 🤩

deeplow avatar Oct 29 '25 14:10 deeplow

This will have implications for #1265, but we'll probably merge this one first and think about the other afterwards.

deeplow avatar Nov 04 '25 18:11 deeplow