# [SOLVED] security risk with gpg

## disperato

gpg is having a very unexpected and alarming behaviour.

Everything is ok in terminal (no X):

```
gpg -c mytextfile #prompts twice for password and creates an encrypted version, mytextfile.gpg

rm mytextfile       #removes the unencrypted version

gpg mytextfile.gpg #prompts for password and unencrypts the file if password is correct
```

Something is utterly wrong in xterm (xfce4+gtk...):

```
gpg -c mytextfile #prompts twice for password and creates an encrypted version, mytextfile.gpg

rm mytextfile       #removes the unencrypted version

gpg mytextfile.gpg #DOES NOT ASK for any password! And UNENCRYPTS all the same, as if a password had been given
```

output of the last command:

```
gpg: CAST5 encrypted data

gpg: encrypted with 1 passphrase

gpg: WARNING: message was not integrity protected
```

It's already a big mistake having gpg password prompt in a gtk pop-up window, but having our files unencrypted without any password is, IMHO, very bad. Or am I doing something wrong?

affected: app-crypt/gnupg-2.0.22

----------

## TomWij

Do you have any agent or keyring daemon running that remembers the password? (Check `ps axjf` after it has remembered the password.)

----------

## disperato

Done, and found this line (amongst others) that looks relevant:

```
1  3046  3046  3046 ?           -1 Ss       0   0:00 /usr/bin/gpg-agent --sh --daemon --enable-ssh-support --write-env-file /root/.cache/gpg-agent-info
```

```
# cat /root/.cache/gpg-agent-info

GPG_AGENT_INFO=/tmp/gpg-psk7Xa/S.gpg-agent:3046:1

SSH_AUTH_SOCK=/tmp/gpg-KJqbN1/S.gpg-agent.ssh

SSH_AGENT_PID=3046
```

```
# cat /tmp/gpg-psk7Xa/S.gpg-agent

cat: /tmp/gpg-psk7Xa/S.gpg-agent: No such device or address
```

In fact the file exists and is inaccessible with anything (vim, to name one).

If I understand it correctly, passwords are safe even while cached. Assuming someone accesses my disk (for example by stealing the laptop), they couldn't read the encrypted file, because /tmp/stuff is gone on shutdown, right?

----------

## TomWij

If you temporarily move the gpg-agent bin file away, can you still reproduce it? Does GPG still work then?

----------

## disperato

By removing /tmp/gpg* everything works as expected, i.e. `gpg myfile.gpg` asks for a password.

I also tested it with pinentry eselected to gtk and ncurses, and the behaviour was reproduced in both cases:

when /tmp/gpg* are left in place, gpg does not ask for a password (either with pinentry set to gtk, or ncurses);

when /tmp/gpg* are removed, gpg asks for a password (either case, gtk, ncurses).

Noticed this (I'm trying as root, now, but for user is similar):

```
ps aux | grep gpg

/usr/bin/gpg-agent --sh --daemon --enable-ssh-support --write-env-file /root/.cache/gpg-agent-info
```

I'd like to start gpg-agent with one more option: --default-cache-ttl N

```
# gpg-agent -h
gpg-agent (GnuPG) 2.0.22
libgcrypt 1.5.3
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Syntax: gpg-agent [options] [command [args]]
Secret key management for GnuPG

Options:

     --daemon                     run in daemon mode (background)
     --server                     run in server mode (foreground)
 -v, --verbose                    verbose
 -q, --quiet                      be somewhat more quiet
 -s, --sh                         sh-style command output
 -c, --csh                        csh-style command output
     --options FILE               read options from FILE
     --no-detach                  do not detach from the console
     --no-grab                    do not grab keyboard and mouse
     --log-file                   use a log file for the server
     --use-standard-socket        use a standard location for the socket
     --pinentry-program PGM       use PGM as the PIN-Entry program
     --scdaemon-program PGM       use PGM as the SCdaemon program
     --disable-scdaemon           do not use the SCdaemon
     --keep-tty                   ignore requests to change the TTY
     --keep-display               ignore requests to change the X display
     --default-cache-ttl N        expire cached PINs after N seconds
     --ignore-cache-for-signing   do not use the PIN cache when signing
     --no-allow-mark-trusted      disallow clients to mark keys as "trusted"
     --allow-preset-passphrase    allow presetting passphrase
     --enable-ssh-support         enable ssh support
     --write-env-file FILE        write environment settings also to FILE
```

But cannot find out how to configure it for startup. Basically I can't find how gpg-agent is started, at what point, what launched it and where to add the desired option.

```
rc-update -s
```

does not give any gpg/gnupg result.

I've marked this as solved, though, so as not to create anxiety about non-existent security issues.

----------

## TomWij

You can try to `grep -r gpg-agent /etc/` and do the same in the home directories hidden directories like `grep -r a ~/.[A-Za-z0-9_-][A-Za-z0-9_.-]*`

A side idea is to check what the parent process is; by doing so, you get an idea what launches it and maybe that will give a better idea where to search.

If all else fails, move gpg-agent away and turn that into a wrapper script which passes along the extra argument.
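A way to follow the "check what the parent process is" suggestion, as an added example that is not part of the thread: the `pid_ancestry` function below is my own POSIX sh, it reads `/proc/<pid>/stat` (falling back to `ps` where /proc is unavailable) and walks the parent chain up to PID 1, so the line that launched gpg-agent (a display manager, a shell profile, an xinitrc) shows up as one of the ancestors. The `pgrep -x gpg-agent` loop at the bottom assumes `pgrep` is installed.

```shell
#!/bin/sh
# pid_ancestry PID: print "pid ppid comm" for PID and each of its ancestors, up to PID 1.
pid_ancestry() {
    pid=$1
    while [ -n "$pid" ] && [ "$pid" -gt 0 ]; do
        if [ -r "/proc/$pid/stat" ]; then
            # /proc/<pid>/stat is "pid (comm) state ppid ..."; comm may contain
            # spaces or parentheses, so split on the last ')' rather than on fields.
            stat=$(cat "/proc/$pid/stat")
            comm=${stat#*(}
            comm=${comm%)*}
            rest=${stat##*) }
            ppid=$(printf '%s\n' "$rest" | awk '{print $2}')
        else
            # Fallback for systems without /proc (assumes a POSIX ps).
            ppid=$(ps -o ppid= -p "$pid" 2>/dev/null | tr -d ' ')
            comm=$(ps -o comm= -p "$pid" 2>/dev/null)
        fi
        [ -n "$ppid" ] || break
        printf '%s %s %s\n' "$pid" "$ppid" "$comm"
        [ "$pid" -eq 1 ] && break
        pid=$ppid
    done
}

# ancestry_root PID: the top-most ancestor found (normally 1), one value per call.
ancestry_root() {
    pid_ancestry "$1" | tail -n 1 | cut -d' ' -f1
}

# Usage: show who launched every running gpg-agent (pgrep assumed available).
if command -v pgrep >/dev/null 2>&1; then
    for p in $(pgrep -x gpg-agent 2>/dev/null); do
        echo "== gpg-agent pid $p =="
        pid_ancestry "$p"
    done
fi
```

Reading the chain from the bottom up tells you which login component to configure; in the thread's case the agent is started with `--write-env-file`, so the parent is typically the shell or session script that later sources that env file.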

----------

## khayyam

*disperato wrote:*

> I'd like to start gpg-agent with one more option: --default-cache-ttl N [... b]ut cannot find out how to configure it for startup. Basically I can't find how gpg-agent is started, at what point, what launched it and where to add the desired option.

disperato ... you'd need to create a ~/.gnupg/gpg-agent.conf and add the options there, eg:

```
# cache settings (3600 == 1hr)

default-cache-ttl 3600

default-cache-ttl-ssh 3600

enable-ssh-support
```

... that said, I've masked > gpg-1 as the whole pinentry thing is broken IMO.

best ... khay
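To check that a `~/.gnupg/gpg-agent.conf` like the one above actually bounds the passphrase cache, here is an added audit script (my own POSIX sh, not from the thread or from GnuPG). It writes a constructed copy of the config shown above to a temp file, reads an option's value while skipping comments (assuming, as with gpg-agent's option parser, that a later line overrides an earlier one), and reports whether `default-cache-ttl` is set and within a limit you choose; `max-cache-ttl`, which caps the total lifetime regardless of reuse, is reported if present.

```shell
#!/bin/sh
# Constructed sample of ~/.gnupg/gpg-agent.conf, mirroring the post above.
SAMPLE_CONF=$(mktemp)
cat >"$SAMPLE_CONF" <<'EOF'
# cache settings (3600 == 1hr)
default-cache-ttl 3600
default-cache-ttl-ssh 3600
enable-ssh-support
EOF

# conf_value FILE OPTION: print OPTION's value from a gpg-agent.conf.
# Comment lines are skipped; the last occurrence wins (assumed to match the agent).
conf_value() {
    awk -v opt="$2" '
        /^[[:space:]]*#/ { next }
        $1 == opt { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# audit_cache_ttl FILE LIMIT: 0 when default-cache-ttl is set and <= LIMIT seconds,
# 1 when it is unset (the agent's built-in default applies), 2 when it is too long.
audit_cache_ttl() {
    ttl=$(conf_value "$1" default-cache-ttl)
    maxttl=$(conf_value "$1" max-cache-ttl)
    if [ -z "$ttl" ]; then
        echo "default-cache-ttl not set in $1 (built-in default applies)"
        return 1
    fi
    if [ "$ttl" -gt "$2" ]; then
        echo "default-cache-ttl is ${ttl}s, above the ${2}s limit"
        return 2
    fi
    echo "default-cache-ttl is ${ttl}s (within the ${2}s limit)"
    if [ -n "$maxttl" ]; then
        echo "max-cache-ttl is ${maxttl}s (hard cap on cache lifetime)"
    else
        echo "max-cache-ttl not set; each use of the passphrase refreshes the ${ttl}s timer"
    fi
    return 0
}

# Usage: audit the constructed sample against a one-hour limit.
audit_cache_ttl "$SAMPLE_CONF" 3600
```

The file is only read when the agent starts, so after editing it the running agent has to be restarted (or, on GnuPG 2.x, asked to re-read it with `gpg-connect-agent reloadagent /bye`; I am assuming that command is available on the version in the thread) before the new TTL applies.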

----------

