[Gpg4win-users-en] How do I prevent dirmngr.exe from starting up and running in the background?

David Kronlid david at kronlid.net
Thu Sep 4 13:01:07 CEST 2014


Perhaps you could insert a choice during the installation process? OpenPGP,
S/MIME or both.

I would guess that most people never use S/MIME and that having unnecessary
services running in the background will be of no use to them. I have plenty
of RAM and CPU on my computers so the only problem I have maybe once or
twice a year is that DirMngr crashes, but I can live with that as GPG4Win
is free. But as there are plenty of services running in the background both
on Windows and Linux slowing hundreds of millions of computers down daily,
why not give the users a choice if they want to enable S/MIME related
services or not?

My guess is that S/MIME mostly is in use inside larger companies and
organisations because it facilitates the work for IT admins? For normal
users OpenPGP would probably be the first choice, right?

/David

PS. Chris, I don't think we as a security focused community should discuss
software based on conspiracy theories. If we have proof that something
leaks to NSA, then we should say it openly to the whole world. But let's
not insinuate things about security software just because we don't know
what it does. The Swedish and German programmers that have created DirMngr
have probably no interest in providing information to NSA and such. Using
GPG is most likely far more secure than not using it.

On 4 Sep 2014 at 11:17, "Andre Heinecke" <aheinecke at intevation.de> wrote:

> Hi,
>
> On Thursday, September 04, 2014 12:30:42 AM Chris Marlow wrote:
> > Hi,
> >
> > The current stable version, gpg4win-2.2.1, exhibits a rather unsettling
> > behavior when installed on a Microsoft Windows OS.
>
> Every installation of gnupg2 does this, not Windows specific. Under Linux
> dirmngr also runs as a service with its own user account. Dirmngr is
> necessary to handle certificate revocation lists of S/MIME certificates
> and handles the trust in the root certificates.
>
> > After installation even when gpg4win is not launched, dirmngr.exe is
> > running in the background, consuming some system resources.
>
> Yes it is launched as a system service. You can disable this like any other
> service in system settings / management / services. If you do not use
> S/MIME or disable CRL checks this might not affect functionality.
>
> > It might even be sending data back to servers controlled by the NSA,
> > GCHQ, KGB or German BND.
>
> Dirmngr will of course not send anything unrelated, but it will request
> CRL's from your trusted root CA's. This is traffic that can be monitored.
>
> > Could the developers prevent dirmngr.exe from ever running in the
> > background when gpg4win is not launched by the user?
>
> Afaik dirmngr is launched as a service and not on demand as it controls the
> certificate trust decisions regarding S/MIME, a job traditionally
> controlled by the System Administrator and not the user.
>
> I also think that it probably is run in the background so that it can fetch
> CRL's in the background so that you don't have to wait until a 5mb CRL is
> fetched when you want to sign a mail. But I'm not sure about this as I have
> faced some delays while waiting for CRL checks.
>
>
> Best regards,
> Andre
>
> --
> Andre Heinecke |  ++49-541-335083-262  |  http://www.intevation.de/
> Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
> Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner