[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: gpg-agent branch treats PGP passphrase as repository password?

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: Mon, 06 Dec 2010 10:31:05 -0500

On Mon, 2010-12-06 at 07:30 -0500, Daniel Shahaf wrote:
> Ideally, Subversion won't know the PGP passphrase. (If it does, then
> a malicious libsvn_subr can compromise a private key.)

I think you're trying to solve a different problem here. The goal is to
minimize typing of passwords without storing passwords in a fixed
medium, not to protect keys against malicious or broken Subversion code.

> For comparison, the ssh-agent protocol[1] only allows a client of the
> agent to authenticate himself (using the agent) to a third party, but
> does not have a "Retrieve secret key" option [2]. If we are to use PGP,
> could we find a solution with similar properties?

ssh-agent has special knowledge of the operations which will be
performed using the keying material. PGP probably doesn't have any
interest in the operations Subversion needs to do with passwords.

PKCS#11 is the most commonly used general API for operations where an
application can use a key but isn't allowed to know what it is. The
most useful free software implementation of PKCS#11 is probably NSS. I
don't think we want to go there, though.
Received on 2010-12-06 16:31:47 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.