From 82095b4a885eda3b3ccf0ccab1464c40b2fcde0e Mon Sep 17 00:00:00 2001 From: ueno Date: Wed, 12 Apr 2006 10:42:31 +0000 Subject: [PATCH] Fixed. --- README | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/README b/README index 2d6ec2c..4270854 100644 --- a/README +++ b/README @@ -42,8 +42,8 @@ gpg.el, etc. EasyPG has some advantages over them. *** `call-process-region' writes data in region to temporary files. `call-process-region' writes data in region to temporary files. -Gnus/PGG and gpg.el use `call-process-region' to communicate with a -gpg subprocess. Your passphrases may leak to the filesystem! +EasyPG do _not_ use `call-process-region' to communicate with a gpg +subprocess. *** There is no way to clear strings safely. @@ -51,10 +51,11 @@ If Emacs crashed and dumps core, passphrase strings in memory are also dumped within the core file. `read-passwd' function clears passphrase strings by `(fillarray string 0)'. However, Emacs performs compaction in gc_sweep phase. If GC happens before `fillarray', passphrase -strings may be moved elsewhere in memory. It is recommended that as -soon as you are done with passphrase you should clear it manually. -However, Gnus/PGG and gpg.el can keep passphrase strings in cache for -a while. +strings may be moved elsewhere in memory. + +Fortunately, there is gpg-agent to cache passphrases in more secure +way, so EasyPG dares _not_ to cache passphrase. Elisp programs can +set `epg-context-passphrase-callback' to cache user's passphrases. ** GnuPG features are directly accessible from Emacs -- 1.7.10.4