[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Monday 25 April 2005 12:44 am, Martin White wrote:
So, having gone through the whole thing of creating the key pair and registering them with the server, and then onto the DCLUG etc, etc, i have just one question... Is KMail going to insist on asking me for my passphrase EVERY time i send an email? Trust me, i send way too many emails every day to want to put up with that all day long :)
So do I! :-) You need to look at gpg-agent but how you set that up is dependent on your distribution. Gpg2 has just come into Debian unstable where the agent is more tightly integrated and KMail needs to be v1.7.x before that integration with gpg-agent also becomes straightforward. I've been using the agent with KMail for over a year but until now I've had to compile the agent from source or latterly pull in Debian packages from outside the main tree.
Any way to turn it off? Did i miss a setting somewhere?
You're thinking of having a key without a passphrase but you don't need to do that. The agent will cache the passphrase in secure memory for a configurable period of time and although I've set it fairly short, I only get prompted for a passphrase for 1 in 3 emails - provided you do your email in batches.
And, yes, i know that everyone is probably going to say that's a bad idea and defeating the object and all that, BUT, the only person that has access to this PC is me. If anyone breaks into my house and nick's off with the PC, whether or not they can send some signed emails really will be the least of my worries!!
Make sure you have a revocation certificate, print it out to paper (it's v.short), delete the file and keep the paper v.safe. It'd be wise to have a backup of your secret key somewhere v.safe too. Anyone with physical access to your machine would still have to know the passphrase to use your key BUT if you set NO passphrase, then anyone with even temporary physical access to your machine could *change* that and lock you out of your own key! (Which is why a revocation certificate is so essential.) Your key isn't just for signing email, in future you may find other uses for it and you would then be grateful for looking after your key now. -- Neil Williams ============= http://www.dcglug.org.uk/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/
Attachment:
pgp00031.pgp
Description: PGP signature