search

saturneric / GpgFrontend

A free, open-source, robust yet user-friendly, compact and cross-platform tool for OpenPGP encryption. It stands out as an exceptional GUI frontend for the modern GnuPG (gpg).
https://gpgfrontend.bktus.com
GNU General Public License v3.0
456 stars 43 forks source link

Pre-release v2.0.10 : Key passwords buffered ? #87

Closed Achim16 closed 1 year ago

Achim16 commented 1 year ago

Good evening,

as Pre-release v2.0.10 is the first version with the option to set a database path, it's the first verison I can really test (due to existing gpg1 environment homedir) - thanks for implementing this

One observation is that passwords for keys are apparently buffered, so that they don't need to be entered each time when decrypting. However, this on Win7 Ultimate (will test on W10 as well) the password also survives closing GpgFrontend, next time I open the program a file could be decrypted again without entering keyphrase. Only a reboot deletes it from memory. I doubt this is good from security perspective and recommend to offer an option for password buffering in settings.

saturneric commented 1 year ago

This function is under consider now. Maybe add a setting to clear buffer when the program close.

saturneric commented 1 year ago

The function, Clear GnuPG Password Cache, will be included in v2.0.11.