November 6th, 2003


GPG and Pine

I'm working on learning GPG. I already know the theory and how the math works, but I've never used the tool itself.

Anyway, I now have a keypair, but I need to push it out to all the right places and start using it. I've been meaning to forever, but octal's disgust at me not having a key pushed me over the edge.

I'm currently deciding between finding a good PGP-addon for pine, or switching to mutt. I know the pine keybindings inside and out, and I fly through it, and it even has threading nowadays, so there's not a huge incentive to switch to mutt if I can get PGP working.

Pine Privacy Guard doesn't seem too secure. So now my pass phrase is on disk, and the search space to recover it from /tmp is only an integer? And that integer is being passed around between programs? Can another user on the system view that integer in 'ps'?

No, I only want my passphrase in locked memory.

How is mutt's integration and security? Do you only have to enter your passphrase once per session? Or expire from memory after so many minutes of inactivity?