jdgill0 Veteran
Joined: 25 Mar 2003 Posts: 1366 Location: Lexington, Ky -- USA
Posted: Wed Oct 27, 2004 4:48 pm Post subject: gpg-agent's cache time
It seems no one has noticed that gpg-agent will only keep a valid password for up to one hour, regardless of how long you specify the default-cache-ttl in your .gnupg/gpg-agent.conf file.
I did some investigating. The gpg-agent code is found in the older newpg package and the newer gnupg-1.9.10 package within the subdirectory agent. If you look in the file cache.c you will see a function called
Code:
    static void
    housekeeping (void)
    { .... }
Within the housekeeping function you will see
Code:
    /* second, make sure that we also remove them based on the created stamp so
       that the user has to enter it from time to time. We do this every hour */
    for (r=thecache; r; r = r->next)
      {
        if (!r->lockcount && r->pw && r->created + 60*60 < current)
          {
            if (DBG_CACHE)
              log_debug ("  expired `%s' (1h after creation)\n", r->key);
            release_data (r->pw);
            r->pw = NULL;
            r->accessed = current;
          }
      }
The purpose of this code is to expire your password after it is 1 hour old. This section of code is only executed when the housekeeping function is called, and then all it does is check the age of your password. If the age is greater than 1 hour, the password is removed, causing you to have to reenter it the next time it is needed. I have removed this section of code and setting default-cache-ttl above one hour works now.
What is the purpose of creating the user definable option default-cache-ttl if the max time limit is hard coded to 1 hour? Why should such a time limit be forced upon you? If it is such an unsafe practice to keep your password cached longer than one hour, then what about other applications like Kopete that cache your password indefinitely while they remain open?
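The behaviour described in the post comes from gpg-agent keeping two separate timers per cache entry: an idle timer that default-cache-ttl controls, and an absolute-age check in housekeeping() that the quoted 1.9.10 code hard-codes to 60*60 seconds. The C program below is an added model of that two-timer design, written for this thread and not taken from gpg-agent itself; the struct, the helper names (agent_put_cache, agent_get_cache, passphrase_still_cached), the fixed-size array in place of the real linked list, and the sample keygrip and passphrase are all constructed for the illustration. The absolute cap is a variable here instead of a literal so the same code shows both the hard-coded 1 hour and what the post achieves by deleting the second pass (a cap at least as long as the TTL; later gpg-agent releases expose this cap as a separate max-cache-ttl option rather than removing it).

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical model of gpg-agent's passphrase cache (not the project's own code). */
#define MAX_ENTRIES 8
#define KEY_LEN 32

struct cache_entry {
    char key[KEY_LEN];
    char *pw;          /* NULL once the passphrase has been expired */
    time_t created;    /* when the passphrase was first put in the cache */
    time_t accessed;   /* last lookup, or the time it was expired */
    int lockcount;     /* entries currently in use are never expired */
};

static struct cache_entry thecache[MAX_ENTRIES];
static size_t ncached;

/* Idle timeout: the knob the user sets with default-cache-ttl. */
static long default_cache_ttl = 600;
/* Absolute lifetime cap: the quoted 1.9.10 housekeeping() hard-codes 60*60. */
static long max_cache_ttl = 60 * 60;

static void cache_reset(void) { ncached = 0; memset(thecache, 0, sizeof thecache); }

/* Model of release_data(): the real code wipes and frees; here we only drop the pointer. */
static void release_data(char **pw) { *pw = NULL; }

/* Add or replace an entry. Returns 0 on success, -1 when the cache is full. */
int agent_put_cache(const char *key, char *pw, time_t now) {
    for (size_t i = 0; i < ncached; i++) {
        if (strcmp(thecache[i].key, key) == 0) {
            thecache[i].pw = pw;
            thecache[i].created = thecache[i].accessed = now;
            return 0;
        }
    }
    if (ncached == MAX_ENTRIES) return -1;
    struct cache_entry *r = &thecache[ncached++];
    strncpy(r->key, key, KEY_LEN - 1);
    r->key[KEY_LEN - 1] = '\0';
    r->pw = pw;
    r->created = r->accessed = now;
    r->lockcount = 0;
    return 0;
}

/* A hit refreshes 'accessed' (the idle timer) but never 'created'. */
const char *agent_get_cache(const char *key, time_t now) {
    for (size_t i = 0; i < ncached; i++) {
        if (strcmp(thecache[i].key, key) == 0 && thecache[i].pw) {
            thecache[i].accessed = now;
            return thecache[i].pw;
        }
    }
    return NULL;
}

/* Mirrors the two passes in cache.c's housekeeping(): idle expiry first, then
   the cap on age since creation. Returns how many entries were expired. */
int housekeeping(time_t current) {
    int expired = 0;
    for (size_t i = 0; i < ncached; i++) {           /* first: idle longer than the TTL */
        struct cache_entry *r = &thecache[i];
        if (!r->lockcount && r->pw && r->accessed + default_cache_ttl < current) {
            release_data(&r->pw);
            r->accessed = current;
            expired++;
        }
    }
    for (size_t i = 0; i < ncached; i++) {           /* second: too old since creation */
        struct cache_entry *r = &thecache[i];
        if (!r->lockcount && r->pw && r->created + max_cache_ttl < current) {
            release_data(&r->pw);
            r->accessed = current;
            expired++;
        }
    }
    return expired;
}

/* The post's scenario: a user who signs every 30 minutes for 90 minutes.
   Runs housekeeping once a minute and returns 1 if the passphrase is still
   cached at the end, 0 if either timer removed it. */
int passphrase_still_cached(long ttl, long cap) {
    static char secret[] = "constructed-sample-passphrase";   /* constructed, not real */
    cache_reset();
    default_cache_ttl = ttl;
    max_cache_ttl = cap;
    agent_put_cache("KEYGRIP-EXAMPLE", secret, 0);
    for (time_t t = 60; t <= 5400; t += 60) {
        if (t % 1800 == 0)                                    /* a signing operation */
            agent_get_cache("KEYGRIP-EXAMPLE", t);
        housekeeping(t);
    }
    return agent_get_cache("KEYGRIP-EXAMPLE", 5400) != NULL;
}

int main(void) {
    printf("ttl=7200 cap=3600 (1.9.10 as shipped): cached after 90 min? %d\n",
           passphrase_still_cached(7200, 3600));
    printf("ttl=7200 cap=7200 (second pass no longer binding): %d\n",
           passphrase_still_cached(7200, 7200));
    printf("ttl=600  cap=7200 (idle timer alone expires it): %d\n",
           passphrase_still_cached(600, 7200));
    return 0;
}
```

The first case reproduces what the post reports: with default-cache-ttl set to two hours the idle timer never fires, yet the entry is gone at the first housekeeping run after 3600 seconds. The third case shows the idle timer still working on its own once the cap is out of the way, which is the check worth running after removing or raising the second pass, so that a larger TTL is the only thing that changed.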