From 43bfaf2c5417ede621c0a07721952ea549a7a139 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 16 Nov 2016 09:02:53 +0100 Subject: gpg: New option --override-session-key-fd. * g10/gpg.c (oOverrideSessionKeyFD): New. (opts): Add option --override-session-key-fd. (main): Handle that option. (read_sessionkey_from_fd): New. -- The override-session-key feature was designed to mitigate the effect of the British RIP act by allowing to keep the private key private and hand out only a session key. For that use case the leaking of the session key would not be a problem. However there are other use cases, for example fast re-decryption after an initial decryption, which would benefit from concealing the session key from other users. Signed-off-by: Werner Koch --- doc/gpg.texi | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'doc') diff --git a/doc/gpg.texi b/doc/gpg.texi index aff3aebbc..c69e512d5 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -3118,13 +3118,17 @@ inappropriate plaintext so they can take action against the offending user. @item --override-session-key @code{string} +@itemx --override-session-key-fd @code{fd} @opindex override-session-key -Don't use the public key but the session key @code{string}. The format -of this string is the same as the one printed by -@option{--show-session-key}. This option is normally not used but comes -handy in case someone forces you to reveal the content of an encrypted -message; using this option you can do this without handing out the -secret key. +Don't use the public key but the session key @code{string} respective +the session key taken from the first line read from file descriptor +@code{fd}. The format of this string is the same as the one printed +by @option{--show-session-key}. This option is normally not used but +comes handy in case someone forces you to reveal the content of an +encrypted message; using this option you can do this without handing +out the secret key. Note that using @option{--override-session-key} +may reveal the session key to all local users via the global process +table. @item --ask-sig-expire @itemx --no-ask-sig-expire -- cgit v1.2.3