symmetric encryption of '[stdin]' failed
Hello,

I am trying to pipe the output of the tar command to gpg and encrypt it symmetrically:

tar --zstd -cf - zz/ | gpg -c -o /tmp/zz.tar.zstd.gpg

This fails with the following errors:

gpg: problem with the agent: Inappropriate ioctl for device
gpg: error creating passphrase: Operation cancelled
gpg: symmetric encryption of '[stdin]' failed: Operation cancelled

The same command works when I change symmetric to public key encryption:

tar --zstd -cf - zz/ | gpg -e -o /tmp/zz.tar.zstd.gpg

Why does gpg-agent interject itself into symmetric encryption at all?
What role does it want to play? Does it want to remember the passphrase?

Anyway, how can I encrypt symmetrically when the input comes from a pipe?

Thank you,

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: symmetric encryption of '[stdin]' failed
> Why does gpg-agent interject itself into symmetric encryption at all?

Where in that command line do you specify a passphrase?

You don't.

gpg-agent is getting fired up in order to ask you what passphrase to use
for the symmetric encryption.

Re: symmetric encryption of '[stdin]' failed
> On 15/10/2022 14.36, Robert J. Hansen via Gnupg-users wrote:
>> Why does gpg-agent interject itself into symmetric encryption at all?
>
> Where in that command line do you specify a passphrase?
>
> You don't.
>
> gpg-agent is getting fired up in order to ask you what passphrase to use
> for the symmetric encryption.

Why can't gpg accept a passphrase in the terminal?

Why does it need to start a daemon?

gpg-agent is supposed to be used for managing private and public keys.
At least that's what the man page says.

Besides, when I use "gpg -c file", it works fine. I get asked for a
passphrase (via pinentry, I think).

So I am not sure what you mean by "Where in that command line do you
specify a passphrase".


Re: symmetric encryption of '[stdin]' failed
> why can't gpg accept passphrase in the terminal?

Depending on how you invoke GnuPG, it can. It supports a lot of
different ways of providing the passphrase.

The one that might work best for your purposes is to put the passphrase
in a file, passphrase.txt, and then invoke GnuPG like this:

gpg -c --pinentry-mode loopback --passphrase-file passphrase.txt -o [myfile].tar.zstd.gpg

> Why does it need to start a daemon?

Because GnuPG 2.x already starts the daemon. It should be running by
the time you finish logging into your system.

> Besides, when I use "gpg -c file", it works fine. I get asked for
> passphrase (via pinentry, I think)

And what do you think launches pinentry?

> so I am not sure what you mean by "Where in that command line do you
> specify a passphrase"

Really simple. Where in that command line did you specify a passphrase?

You didn't tell GnuPG a passphrase file to use, a passphrase file
descriptor to use, or an actual passphrase to use. So the only thing
GnuPG could do was ask you for one, and that means using gpg-agent to
facilitate the interaction with the user.
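
The approach from the reply above, as an added example that is not part of the original thread: symmetric encryption of a piped tar stream with the passphrase read from a file descriptor, so no pinentry and no tty are needed. The function names, file names and sample data are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are assumptions, not from the thread.

# encrypt_stream PASSFILE OUTFILE
# Symmetrically encrypts stdin. The passphrase arrives on fd 3, so stdin stays
# free for the piped data and no pinentry (hence no tty) is needed.
encrypt_stream() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 3 \
        -c -o "$2" 3<"$1"
}

# decrypt_stream PASSFILE INFILE
# Writes the plaintext to stdout; exits non-zero on a wrong passphrase.
decrypt_stream() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 3 \
        -d "$2" 3<"$1"
}

# roundtrip_check: self-test on constructed data in a throwaway GNUPGHOME.
# Prints "match" when the decrypted stream equals the original tar stream
# and a wrong passphrase is rejected.
roundtrip_check() (
    umask 077                       # passphrase file and GNUPGHOME: owner only
    work=$(mktemp -d) || exit 1
    trap 'gpgconf --kill gpg-agent >/dev/null 2>&1; rm -rf "$work"' EXIT
    GNUPGHOME="$work/home"; export GNUPGHOME
    mkdir "$GNUPGHOME" "$work/zz"
    printf 'constructed sample file\n' > "$work/zz/a.txt"
    printf 'constructed-passphrase\n'  > "$work/pass.txt"
    printf 'some-other-passphrase\n'   > "$work/wrong.txt"

    # Same shape as the command in the thread: tar writes to a pipe, gpg reads it.
    tar -C "$work" -cf - zz | tee "$work/plain.tar" |
        encrypt_stream "$work/pass.txt" "$work/zz.tar.gpg" || exit 1

    decrypt_stream "$work/pass.txt" "$work/zz.tar.gpg" > "$work/out.tar" || exit 1
    if decrypt_stream "$work/wrong.txt" "$work/zz.tar.gpg" >/dev/null 2>&1; then
        exit 1                      # wrong passphrase must not decrypt
    fi
    cmp -s "$work/plain.tar" "$work/out.tar" && echo match
)
```

With these functions sourced, the command from the first message becomes `tar --zstd -cf - zz/ | encrypt_stream passphrase.txt /tmp/zz.tar.zstd.gpg`. Keep the passphrase file readable by its owner only.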

Re: symmetric encryption of '[stdin]' failed
On Sat, 15 Oct 2022 12:50, Robert J. Hansen said:

> Because GnuPG 2.x already starts the daemon. It should be running by
> the time you finish logging into your system.

Further, the gpg-agent is responsible for computing the iteration count for
our KDF. That takes at least 100ms, and thus either a long-running
process needs to do that or we would need to store it somewhere, with all
the troubles of keeping it in sync in case the GNUPGHOME is on a shared drive
(usually not a good idea but sometimes required).


Shalom-Salam,

Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein