On Mon, 2010-12-06 at 07:30 -0500, Daniel Shahaf wrote:
> Ideally, Subversion won't know the PGP passphrase. (If it does, then
> a malicious libsvn_subr can compromise a private key.)
I think you're trying to solve a different problem here. The goal is to
minimize typing of passwords without storing passwords in a fixed
medium, not to protect keys against malicious or broken Subversion code.
> For comparison, the ssh-agent protocol only allows a client of the
> agent to authenticate himself (using the agent) to a third party, but
> does not have a "Retrieve secret key" option. If we are to use PGP,
> could we find a solution with similar properties?
ssh-agent has special knowledge of the operations which will be
performed using the keying material. PGP probably doesn't have any
interest in the operations Subversion needs to do with passwords.
PKCS#11 is the most commonly used general API for operations where an
application can use a key but isn't allowed to know what it is. The
most useful free software implementation of PKCS#11 is probably NSS. I
don't think we want to go there, though.
Received on 2010-12-06 16:31:47 CET
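
The property discussed in this message, a key that a client can use through an agent but cannot retrieve, sketched as an added example (not part of the original thread, and not code from Subversion, ssh-agent or any PKCS#11 implementation). The opcodes and function names are hypothetical, HMAC-SHA256 stands in for the public-key signature a real agent would produce, and the agent runs as a thread here where a real one would be a separate process.

```python
import hashlib, hmac, os, socket, threading

# Hypothetical wire format for this example (not the ssh-agent protocol):
# one opcode byte followed by the payload. Only OP_SIGN is implemented.
OP_SIGN, OP_GET_KEY = 0x01, 0x02
ST_OK, ST_REFUSED = 0x00, 0xFF

def serve_agent(sock, key):
    """Agent side: holds the key and answers sign requests, nothing else."""
    while True:
        req = sock.recv(4096)  # lockstep request/response, small messages
        if not req:
            break
        op, payload = req[0], req[1:]
        if op == OP_SIGN:
            mac = hmac.new(key, payload, hashlib.sha256).digest()
            sock.sendall(bytes([ST_OK]) + mac)
        else:
            # No opcode returns key material; unknown requests are refused.
            sock.sendall(bytes([ST_REFUSED]))

def start_agent(key):
    """Start the agent and return the client's end of the socket pair."""
    client, agent = socket.socketpair()
    threading.Thread(target=serve_agent, args=(agent, key), daemon=True).start()
    return client

def request(sock, op, payload=b""):
    """Client side: sees only status bytes and proofs, never the key."""
    sock.sendall(bytes([op]) + payload)
    resp = sock.recv(4096)
    return resp[0], resp[1:]

def server_verify(key, challenge, proof):
    """Third party: checks the proof against its own copy of the key."""
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, proof)

def demo():
    key = os.urandom(32)        # constructed sample key
    sock = start_agent(key)
    challenge = os.urandom(16)  # nonce chosen by the verifying server
    status, proof = request(sock, OP_SIGN, challenge)
    refused, leaked = request(sock, OP_GET_KEY)
    sock.close()
    authenticated = status == ST_OK and server_verify(key, challenge, proof)
    return authenticated, refused == ST_REFUSED, leaked
```

This works only because the agent itself implements the operation (a challenge response); a password that has to be handed to the server verbatim cannot be kept behind such an interface.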