diff options
| author | Werner Koch <[email protected]> | 2020-01-09 11:00:50 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2020-01-09 11:00:50 +0000 |
| commit | ce5a7fb72b599de592a087867768ac1f81fd2989 (patch) | |
| tree | c3d6898129d91e641966249e61edbe575416cad5 /agent/cache.c | |
| parent | agent: SSH: SCD KEYINFO to list available keys. (diff) | |
| download | gnupg-ce5a7fb72b599de592a087867768ac1f81fd2989.tar.gz gnupg-ce5a7fb72b599de592a087867768ac1f81fd2989.zip | |
scd: Use a scdaemon internal key to protect the PIN cache IPC.
* agent/call-scd.c (handle_pincache_put): Do not decrypt.
(handle_pincache_get): New.
(inq_needpin): Call it.
* scd/command.c (set_key_for_pincache): New.
(pincache_put): Restructure and set key.
(pincache_get): Ditto.
--
This change does away with encrypting and decrypting the cached PIN in
the agent. There is no need for this we can simply cache the
cryptogram and let scdaemon decrypt after retrieving it from the
agent. This way we do not need to share a key between gpg-agent and
scdaemon and further the cached content is invalid after the scdaemon
process has been replaced.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'agent/cache.c')
| -rw-r--r-- | agent/cache.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/agent/cache.c b/agent/cache.c index 8a6c43a30..c5c67e320 100644 --- a/agent/cache.c +++ b/agent/cache.c @@ -446,7 +446,8 @@ agent_put_cache (ctrl_t ctrl, const char *key, cache_mode_t cache_mode, } -/* Try to find an item in the cache. */ +/* Try to find an item in the cache. Returns NULL if not found or an + * malloced string with the value. */ char * agent_get_cache (ctrl_t ctrl, const char *key, cache_mode_t cache_mode) { |