[Tickets #2915] RESOLVED: PGP/GPG: sync horde-logon pw and gpg-passphrase
bugs@bugs.horde.org
bugs at bugs.horde.org
Fri Nov 4 15:04:19 PST 2005
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=2915
-----------------------------------------------------------------------
Ticket | 2915
Updated By | sven at cryonet.de
Summary | PGP/GPG: sync horde-logon pw and gpg-passphrase
Queue | IMP
Version | HEAD
State | Rejected
Priority | 1. Low
Type | Enhancement
Owners |
-----------------------------------------------------------------------
sven at cryonet.de (2005-11-04 15:04) wrote:
> no. The horde/imp login password has absolutely nothing to do with
> the pgp password.
the idea behind this request is to make the usage of pgp (optionally) easier
for the end-user. protecting the private key using a passphrase is
absolutely necessary because the key is saved server-side. but why not
allow the user to use his horde/imp-pwd as passphrase and to keep his
passphrase in sync with it? the horde/imp-pwd is not saved as clear-text in
a secure setup so this should not be a security risk (assuming
hash-algorithms etc. are secure). the user just would not have to type his
passphrase for sending/viewing encrypted or signed messages. if the
passphrase is entered the first time it *is already* stored in the session
until the user logs of or tells horde to "forget" the passphrase. making
such a configuration optionally available would make the usage of pgp more
transparent.
More information about the bugs
mailing list