PuTTY wish pageant-deferred-decrypt

This is a mirror. Follow this link to find the primary PuTTY web site.

Home | FAQ | Feedback | Licence | Updates | Mirrors | Keys | Links | Team
Download: Stable · Snapshot | Docs | Privacy | Changes | Wishlist

summary: Deferred key decryption in Pageant
class: wish: This is a request for an enhancement.
difficulty: tricky: Needs many tuits.
depends: pageant-named-pipe
priority: medium: This should be fixed one day.
fixed-in: 8edeecdcfdfaca2fec63ee81f6f28856e695c1ef 2021-04-05 (0.75)

It would be nice if Pageant could support a mode in which it examines a public key file at startup and immediately starts advertising the key to clients, but doesn't actually decrypt the key (hence, does not prompt for a passphrase either) until the first time it's called on to actually generate a signature. Then it would decrypt the key and load it properly.

On Windows, this almost certainly depends on pageant-named-pipe. Also, depending on whether it turns out to be feasible to separate the GUI and agent-request message queues (see discussion in the linked issue), we might have no option but to present not-yet-decrypted keys only to clients using named-pipe IPC, and pretend to old-style WM_COPYDATA clients that those keys aren't loaded at all.

2021-04: implemented, including old Windows clients' ability to work with deferred decryption. (This won't work brilliantly if multiple old clients make blocking requests simultaneously, but that can't be helped.)

If you want to comment on this web site, see the Feedback page.
Audit trail for this wish.
(last revision of this bug record was at 2021-04-08 01:12:28 +0100)