                        Windows GnuPG Agent
                          Version 0.1.0


Overview and short introduction
-------------------------------

The Windows GPG Agent is a port of the original GPG Agent, which was only
available for Linux (X Window System). This agent can be used to cache
GPG passphrases. That means you only need to enter a passphrase once; after
that it is retrieved from the internal cache. This speeds up the GPG
decryption process. It is also possible to use it for signing. In other
words, it is used in every case where GPG requests the passphrase.


What GPG version is needed?
---------------------------

In the original 1.0.6 version of GPG, there is no agent support for Windows.
Because of that, we modified the GPG agent interface code so that it also
works on all Windows machines. You can download this GPG version from the
WinPT site http://www.winpt.org. If you want to compile this GPG version on
your own, you can find the necessary patches to create this version in the
GPG CVS.


Installation
------------

After you have downloaded the patched GPG 1.0.6a-winpt version and the agent
binary, you only need to copy the files into a directory and start the
agent file. Done.

Now you can use the '--use-agent' GPG option to use the agent together
with GPG. To shut down the agent (all cached passphrases are cleared
beforehand), use the killagent.exe program or the Task Manager; I recommend
using the killagent application.


Security
--------

Most of the code was taken from the original source, but that code was
written for Linux. On Win9x there are no per-user restrictions or
privileges. Because of this, it's very important that the machine is
only used by one person (YOU) while the agent is running.

The agent uses local pipes to communicate with GPG. The pipes are only
usable on the current machine; nobody else in the network is able to
read/write from/to them. But when more than one person works on this
machine, it's possible that the pipe data can be read by the other users!

BEFORE you connect to the internet, make sure that the agent is down.
Usually it's not possible for an internet user to access the pipes, but it's
better to do it for security reasons.


Summary:

- Don't use the agent on WinNT/Win2K unless you are the only user on this
  system!
- Shut down BEFORE you connect to the internet!
- Shut down when you leave the machine!
- Use the killagent program to make sure all passphrases are cleared
  from the memory!

Note: the agent isn't insecure, but on Win9x the level of security is
very low. You can increase the security a bit if you take the points
above seriously.

