[Pkg-gnupg-commit] [gnupg2] 166/205: doc: Add a comment about the goals of the agent.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed May 11 08:38:34 UTC 2016


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch experimental
in repository gnupg2.

commit c88efcc2cc7fde25fdba36a349f670f741fd4e9a
Author: Werner Koch <wk at gnupg.org>
Date:   Sun May 1 20:04:39 2016 +0200

    doc: Add a comment about the goals of the agent.
    
    --
---
 doc/gpg-agent.texi | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 5a387d4..d890036 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -54,6 +54,32 @@ The agent is automatically started on demand by @command{gpg},
 Thus there is no reason to start it manually.  In case you want to use
 the included Secure Shell Agent you may start the agent using:
 
+ at c From dkg on gnupg-devel on 2016-04-21:
+ at c
+ at c Here's an attempt at writing a short description of the goals of an
+ at c isolated cryptographic agent:
+ at c
+ at c   A cryptographic agent should control access to secret key material.
+ at c   The agent permits use of the secret key material by a supplicant
+ at c   without providing a copy of the secret key material to the supplicant.
+ at c
+ at c   An isolated cryptographic agent separates the request for use of
+ at c   secret key material from permission for use of secret key material.
+ at c   That is, the system or process requesting use of the key (the
+ at c   "supplicant") can be denied use of the key by the owner/operator of
+ at c   the agent (the "owner"), which the supplicant has no control over.
+ at c
+ at c   One way of enforcing this split is a per-key or per-session
+ at c   passphrase, known only by the owner, which must be supplied to the
+ at c   agent to permit the use of the secret key material.  Another way is
+ at c   with an out-of-band permission mechanism (e.g. a button or GUI
+ at c   interface that the owner has access to, but the supplicant does not).
+ at c
+ at c   The rationale for this separation is that it allows access to the
+ at c   secret key to be tightly controled and audited, and it doesn't permit
+ at c   the the supplicant to either copy the key or to override the owner's
+ at c   intentions.
+
 @example
 gpg-connect-agent /bye
 @end example
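Review bot: The new comment block sits between the sentence ending "you may start the agent using:" and the @example that sentence introduces, so in the Texinfo source the lead-in is now separated from the gpg-connect-agent /bye command by 26 unrelated lines. Consider moving the block above that paragraph. Since it states what the agent is meant to guarantee (the supplicant can use the secret key but cannot copy it or override the owner), it may also be worth turning it into rendered manual text rather than a source-only comment. Two typos in the final paragraph of the comment: "controled" should be "controlled", and "the the supplicant" repeats a word.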

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


