Of course I can write SE Linux policy to protect gpg-agent but that takes me back to the “same benefits can and should be made available to people who don’t use SE Linux” point.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490545

I’ve filed a bug report at the above URL.

That’ll teach me to refuse to encrypt back-ups (because I want the maximum chance of recovering them later – lots later), and then carrying them around away from the computer that was backed-up.

So yes, the pass phrase was useful for me – although the key still got revoked.

It also raises the barrier in 1 and 2 and 4. Not only do you have to compromise the system, you then have to capture the pass phrase. Easy perhaps, but not if the owner notices something is up before re-entering their pass phrase.

@etbe
Yes I didn’t spell it out very clearly; I did mean a system which does not run X for reading email.

The main advantage of gnupg-agent as pointed out by Russ if of course that it’s completely application-agnostic (if you’ll let me throw that term in there). Now for me it doesn’t matter whether I’m using GNOME or KDE, or Thunderbird or something else; I still use the same mechanism for entering my pass-phrase. That’s a win, and I think it’s the best that you can hope for in a graphical environment.

In my experience, applications don’t have to use it or even be aware of its existence at all. If GnuPG is configured to use the agent, invocations of GnuPG spawn gnupg-pinentry without ever telling the calling application that a password is needed. Once you configure GnuPG to always use the agent, applications are no longer aware that you even have passphrases.

A quick Google search apparently reveals (I don’t use it myself) that Enigmail does indeed work with gnupg-agent and doesn’t appear to do anything strange that breaks it. (Unless you’re on Windows, where in general getting the agent working is harder.)

I don’t believe that MUTT is necessarily more secure merely for not using X. If you ran MUTT on a system which did not use X then you would get a significant security benefit (EG run Lynx and Mutt in different virtual consoles and with different UIDs). When we get the X access controls for SE Linux in production there will be some significant benefits there too.

http://np237.livejournal.com/18721.html

At the above URL Josselin Mouette comments on this and suggests that once a PAM bug is resolved it will be possible to use the GNOME GPG agent. In addition to the issue that not all applications will use the GNOME GPG agent (although I guess you could just avoid potentially insecure applications).

Finally we have to keep in mind the fact that the most pessimal possibilities need to be considered when discussing security. So if a machine is stolen it might be most likely that no pass-phrases were in RAM and there was no unencrypted data on disk which allows recovery and the encryption was all of adequate strength. But you still need to consider the less likely possibility that the attacker got lucky.

Also in regard to compromise of applications and systems, you can never really be sure that your system has not been cracked.

A passphrase doesn’t bring you many hard guarantees but it vastly reduces the chances of an attack being actually successful.