What are the steps needed to cache passphrases entered via pinentry using gpg-preset-passphrase in 2.1.15?
Clash Royale CLAN TAG#URR8PPP
up vote
6
down vote
favorite
I'm seeking to cache passphrases for use on an unattended machine. As doing this poses some risk, I'd prefer choosing which passphrases get cached and avoid setting both default-cache-ttl
and max-cache-ttl
to obnoxiously high values as well as avoid needing to clear gpg-agent
's entire cache periodically - hence I'm looking for a solution with gpg-preset-passphrase
. Some of the information I found while troubleshooting refer to older versions of GnuPG so I'm unsure if I have sufficiently accounted for all the differences.
First, as prescribed by man 1 gpg-agent
, I have export GPG_TTY=$(tty)
in my .bashrc.
Now suppose I run eval $(gpg-agent --daemon --allow-preset-passphrase --default-cache-ttl 1 --max-cache-ttl 31536000)
to start gpg-agent, noting that gpg-preset-passphrase still honors --max-cache-ttl (default 2 hours).
I then get the keygrip $KEYGRIP
of the desired secret subkey with gpg --with-keygrip -K
.
With that I try /path/to/gpg-preset-passphrase -c $KEYGRIP
. Upon hitting return, this prints:
gpg-preset-passphrase: caching passphrase failed: Not implemented
Attempting again adding --verbose --debug 6 --log-file /path/to/gpg-agent.log
to gpg-agent
, my log is appended with
gpg-agent[4206] listening on socket /run/user/1000/gnupg/S.gpg-agent
gpg-agent[4207] gpg-agent (GnuPG) 2.1.15 started
gpg-agent[4207] handler 0x7f86ef783700 for fd 5 started
gpg-agent[4207] command PRESET_PASSPHRASE failed: Not implemented
gpg-agent[4207] handler 0x7f86ef783700 for fd 5 terminated
I'm unsure where to proceed from this apart from diving deeper into the source, so I'm wondering if anyone can first correct the steps I'm taking.
gpg gpg-agent
add a comment |Â
up vote
6
down vote
favorite
I'm seeking to cache passphrases for use on an unattended machine. As doing this poses some risk, I'd prefer choosing which passphrases get cached and avoid setting both default-cache-ttl
and max-cache-ttl
to obnoxiously high values as well as avoid needing to clear gpg-agent
's entire cache periodically - hence I'm looking for a solution with gpg-preset-passphrase
. Some of the information I found while troubleshooting refer to older versions of GnuPG so I'm unsure if I have sufficiently accounted for all the differences.
First, as prescribed by man 1 gpg-agent
, I have export GPG_TTY=$(tty)
in my .bashrc.
Now suppose I run eval $(gpg-agent --daemon --allow-preset-passphrase --default-cache-ttl 1 --max-cache-ttl 31536000)
to start gpg-agent, noting that gpg-preset-passphrase still honors --max-cache-ttl (default 2 hours).
I then get the keygrip $KEYGRIP
of the desired secret subkey with gpg --with-keygrip -K
.
With that I try /path/to/gpg-preset-passphrase -c $KEYGRIP
. Upon hitting return, this prints:
gpg-preset-passphrase: caching passphrase failed: Not implemented
Attempting again adding --verbose --debug 6 --log-file /path/to/gpg-agent.log
to gpg-agent
, my log is appended with
gpg-agent[4206] listening on socket /run/user/1000/gnupg/S.gpg-agent
gpg-agent[4207] gpg-agent (GnuPG) 2.1.15 started
gpg-agent[4207] handler 0x7f86ef783700 for fd 5 started
gpg-agent[4207] command PRESET_PASSPHRASE failed: Not implemented
gpg-agent[4207] handler 0x7f86ef783700 for fd 5 terminated
I'm unsure where to proceed from this apart from diving deeper into the source, so I'm wondering if anyone can first correct the steps I'm taking.
gpg gpg-agent
Did you ever solve this?
â AlMehdi
Feb 27 '17 at 21:03
I'm marginally sure the passphrase has to be sent to stdin ofgpg-preset-passphrase
, my first concrete lead on that is from this mailing list lists.gnupg.org/pipermail/gnupg-users/2010-January/037876.html
â ThorSummoner
Mar 9 at 22:33
how to send it from stdin, instead of echo? this doens't sound secure at all
â holms
Mar 26 at 12:26
add a comment |Â
up vote
6
down vote
favorite
up vote
6
down vote
favorite
I'm seeking to cache passphrases for use on an unattended machine. As doing this poses some risk, I'd prefer choosing which passphrases get cached and avoid setting both default-cache-ttl
and max-cache-ttl
to obnoxiously high values as well as avoid needing to clear gpg-agent
's entire cache periodically - hence I'm looking for a solution with gpg-preset-passphrase
. Some of the information I found while troubleshooting refer to older versions of GnuPG so I'm unsure if I have sufficiently accounted for all the differences.
First, as prescribed by man 1 gpg-agent
, I have export GPG_TTY=$(tty)
in my .bashrc.
Now suppose I run eval $(gpg-agent --daemon --allow-preset-passphrase --default-cache-ttl 1 --max-cache-ttl 31536000)
to start gpg-agent, noting that gpg-preset-passphrase still honors --max-cache-ttl (default 2 hours).
I then get the keygrip $KEYGRIP
of the desired secret subkey with gpg --with-keygrip -K
.
With that I try /path/to/gpg-preset-passphrase -c $KEYGRIP
. Upon hitting return, this prints:
gpg-preset-passphrase: caching passphrase failed: Not implemented
Attempting again adding --verbose --debug 6 --log-file /path/to/gpg-agent.log
to gpg-agent
, my log is appended with
gpg-agent[4206] listening on socket /run/user/1000/gnupg/S.gpg-agent
gpg-agent[4207] gpg-agent (GnuPG) 2.1.15 started
gpg-agent[4207] handler 0x7f86ef783700 for fd 5 started
gpg-agent[4207] command PRESET_PASSPHRASE failed: Not implemented
gpg-agent[4207] handler 0x7f86ef783700 for fd 5 terminated
I'm unsure where to proceed from this apart from diving deeper into the source, so I'm wondering if anyone can first correct the steps I'm taking.
gpg gpg-agent
I'm seeking to cache passphrases for use on an unattended machine. As doing this poses some risk, I'd prefer choosing which passphrases get cached and avoid setting both default-cache-ttl
and max-cache-ttl
to obnoxiously high values as well as avoid needing to clear gpg-agent
's entire cache periodically - hence I'm looking for a solution with gpg-preset-passphrase
. Some of the information I found while troubleshooting refer to older versions of GnuPG so I'm unsure if I have sufficiently accounted for all the differences.
First, as prescribed by man 1 gpg-agent
, I have export GPG_TTY=$(tty)
in my .bashrc.
Now suppose I run eval $(gpg-agent --daemon --allow-preset-passphrase --default-cache-ttl 1 --max-cache-ttl 31536000)
to start gpg-agent, noting that gpg-preset-passphrase still honors --max-cache-ttl (default 2 hours).
I then get the keygrip $KEYGRIP
of the desired secret subkey with gpg --with-keygrip -K
.
With that I try /path/to/gpg-preset-passphrase -c $KEYGRIP
. Upon hitting return, this prints:
gpg-preset-passphrase: caching passphrase failed: Not implemented
Attempting again adding --verbose --debug 6 --log-file /path/to/gpg-agent.log
to gpg-agent
, my log is appended with
gpg-agent[4206] listening on socket /run/user/1000/gnupg/S.gpg-agent
gpg-agent[4207] gpg-agent (GnuPG) 2.1.15 started
gpg-agent[4207] handler 0x7f86ef783700 for fd 5 started
gpg-agent[4207] command PRESET_PASSPHRASE failed: Not implemented
gpg-agent[4207] handler 0x7f86ef783700 for fd 5 terminated
I'm unsure where to proceed from this apart from diving deeper into the source, so I'm wondering if anyone can first correct the steps I'm taking.
gpg gpg-agent
gpg gpg-agent
asked Oct 18 '16 at 20:05
user5255922
314
314
Did you ever solve this?
â AlMehdi
Feb 27 '17 at 21:03
I'm marginally sure the passphrase has to be sent to stdin ofgpg-preset-passphrase
, my first concrete lead on that is from this mailing list lists.gnupg.org/pipermail/gnupg-users/2010-January/037876.html
â ThorSummoner
Mar 9 at 22:33
how to send it from stdin, instead of echo? this doens't sound secure at all
â holms
Mar 26 at 12:26
add a comment |Â
Did you ever solve this?
â AlMehdi
Feb 27 '17 at 21:03
I'm marginally sure the passphrase has to be sent to stdin ofgpg-preset-passphrase
, my first concrete lead on that is from this mailing list lists.gnupg.org/pipermail/gnupg-users/2010-January/037876.html
â ThorSummoner
Mar 9 at 22:33
how to send it from stdin, instead of echo? this doens't sound secure at all
â holms
Mar 26 at 12:26
Did you ever solve this?
â AlMehdi
Feb 27 '17 at 21:03
Did you ever solve this?
â AlMehdi
Feb 27 '17 at 21:03
I'm marginally sure the passphrase has to be sent to stdin of
gpg-preset-passphrase
, my first concrete lead on that is from this mailing list lists.gnupg.org/pipermail/gnupg-users/2010-January/037876.htmlâ ThorSummoner
Mar 9 at 22:33
I'm marginally sure the passphrase has to be sent to stdin of
gpg-preset-passphrase
, my first concrete lead on that is from this mailing list lists.gnupg.org/pipermail/gnupg-users/2010-January/037876.htmlâ ThorSummoner
Mar 9 at 22:33
how to send it from stdin, instead of echo? this doens't sound secure at all
â holms
Mar 26 at 12:26
how to send it from stdin, instead of echo? this doens't sound secure at all
â holms
Mar 26 at 12:26
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
0
down vote
I've also got this problem and I've solved by adding configuration to gpg-agent, you can find it in here:
https://stackoverflow.com/questions/49491679/how-to-enter-gnupg-agent-key-passhprase-from-cli
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
I've also got this problem and I've solved by adding configuration to gpg-agent, you can find it in here:
https://stackoverflow.com/questions/49491679/how-to-enter-gnupg-agent-key-passhprase-from-cli
add a comment |Â
up vote
0
down vote
I've also got this problem and I've solved by adding configuration to gpg-agent, you can find it in here:
https://stackoverflow.com/questions/49491679/how-to-enter-gnupg-agent-key-passhprase-from-cli
add a comment |Â
up vote
0
down vote
up vote
0
down vote
I've also got this problem and I've solved by adding configuration to gpg-agent, you can find it in here:
https://stackoverflow.com/questions/49491679/how-to-enter-gnupg-agent-key-passhprase-from-cli
I've also got this problem and I've solved by adding configuration to gpg-agent, you can find it in here:
https://stackoverflow.com/questions/49491679/how-to-enter-gnupg-agent-key-passhprase-from-cli
answered Mar 26 at 13:02
holms
13929
13929
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f317298%2fwhat-are-the-steps-needed-to-cache-passphrases-entered-via-pinentry-using-gpg-pr%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Did you ever solve this?
â AlMehdi
Feb 27 '17 at 21:03
I'm marginally sure the passphrase has to be sent to stdin of
gpg-preset-passphrase
, my first concrete lead on that is from this mailing list lists.gnupg.org/pipermail/gnupg-users/2010-January/037876.htmlâ ThorSummoner
Mar 9 at 22:33
how to send it from stdin, instead of echo? this doens't sound secure at all
â holms
Mar 26 at 12:26