diff options
| author | Werner Koch <[email protected]> | 2016-11-16 09:12:19 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2016-11-16 09:15:31 +0000 |
| commit | 9fc92a15bd0a30437a39d0eb28b6f40edc22e6e8 (patch) | |
| tree | 74981725e9d4761ca6cb9c497e5af2241e0ae2e9 /doc | |
| parent | doc,tests: Require use of ctx_flag before use of session_key. (diff) | |
| download | gpgme-9fc92a15bd0a30437a39d0eb28b6f40edc22e6e8.tar.gz gpgme-9fc92a15bd0a30437a39d0eb28b6f40edc22e6e8.zip | |
core: Do not leak the override session key to ps(1).
* src/engine-gpg.c (struct engine_gpg): New field
override_session_key.
(gpg_release): Free that field.
(gpg_decrypt): With gnupg 2.1.16 use --override-session-key-fd.
* tests/run-decrypt.c (main): Fix setting over the override key.
--
Note that this works only with gnupg 2.1.16 and later.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/gpgme.texi | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 4f899a9e..32e08618 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -2910,7 +2910,9 @@ not exported. The string given in @var{value} is passed to the GnuPG engine to override the session key for decryption. The format of that session key is specific to GnuPG and can be retrieved during a decrypt operation when -the context flag "export-session-key" is enabled. +the context flag "export-session-key" is enabled. Please be aware that +using this feature with GnuPG < 2.1.16 will leak the session key on +many platforms via ps(1). @end table |