GPG2 No Longer Caching
This just started happening a couple of days ago on Fedora 28. I want GPG to remember my private key passphrase so I can decrypt files without entering the passphrase every time.
If I run gpg2 to decrypt a file after a reboot, I get a passphrase prompt. My laptop is encrypted by LUKS so I do not mind passphrases being cached indefinitely.
Checking settings shows it is set to cache:
$ gpgconf --list-options gpg-agent |grep cache
default-cache-ttl:24:0:expire cached PINs after N seconds:3:3:N:600::34560000
default-cache-ttl-ssh:24:1:expire SSH keys after N seconds:3:3:N:1800::
max-cache-ttl:24:2:set maximum PIN cache lifetime to N seconds:3:3:N:7200::34560000
max-cache-ttl-ssh:24:2:set maximum SSH key lifetime to N seconds:3:3:N:7200::
ignore-cache-for-signing:8:0:do not use the PIN cache when signing:0:0::::
no-allow-external-cache:8:0:disallow the use of an external password cache:0:0::::
The output of
echo "KEYINFO --no-ask <id> Err Pmt Des" | gpg-connect-agent
(from https://unix.stackexchange.com/a/286218/67045)
shows it isn't cached before I put the passphrase in, and is after; however, if I then reboot it is shown as not cached again.
I also looked at this question but it seems to be a different issue: GPG Password Caching is Not Working After Two Hours
This worked flawlessly previously and I haven't made any changes apart from updating Skype.
password gpg gpg-agent
If you reboot the system or restart gpg-agent, the expected behavior is clearing the cache... which is stored in memory, not on disk.... AFAIK... LUKS is protecting data at rest ... as soon as you enter in your LUKS passphrase, the drive is decrypted and the private keys are stored in memory... so LUKS doesn't protect anything that is running... only after the drive is powered down... So, you must have had your key passphrases stored in some key manager somewhere... and that was "entering" in your passphrase, not the gpg-agent.
– RubberStamp
Sep 22 at 18:38
I remember gpg would not save my password and I had to switch to gpg2 and then I never had to enter it again
– SilverlightFox
Sep 22 at 18:45
I only mention LUKS to prevent comments of the opinion that what I'm doing is insecure
– SilverlightFox
Sep 22 at 18:46
What you describe seems to be a behavior of the program used to enter in your passphrase ... and/or system key manager such as gnome keyring ... AFAIK, gpg-agent doesn't have the ability to store passphrases to disk automatically...
– RubberStamp
Sep 22 at 19:09
asked Sep 22 at 8:27
SilverlightFox
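An added example, not part of the original post or its comments: shell helpers that read the two outputs the question relies on, the colon-separated `gpgconf --list-options` lines and the agent's `S KEYINFO` status line. The function names are hypothetical, the keygrip is a constructed placeholder, and the field positions assume gpgconf's documented layout (built-in default in field 8, configured value in field 10) and a cached flag in the fifth value after `KEYINFO`.

```shell
#!/bin/sh
# Constructed sample: the gpgconf lines quoted in the question.
GPGCONF_SAMPLE='default-cache-ttl:24:0:expire cached PINs after N seconds:3:3:N:600::34560000
default-cache-ttl-ssh:24:1:expire SSH keys after N seconds:3:3:N:1800::
max-cache-ttl:24:2:set maximum PIN cache lifetime to N seconds:3:3:N:7200::34560000
max-cache-ttl-ssh:24:2:set maximum SSH key lifetime to N seconds:3:3:N:7200::'

# Constructed agent reply; the keygrip is a placeholder, not a real key.
KEYINFO_SAMPLE='S KEYINFO 0123456789ABCDEF0123456789ABCDEF01234567 D - - 1 P - - -
OK'

# effective_ttl OPTION (hypothetical helper): reads gpgconf --list-options
# output on stdin. Field 8 is the built-in default, field 10 the configured
# value; prints "<seconds> configured" or "<seconds> default".
effective_ttl() {
    awk -F: -v opt="$1" '
        $1 == opt {
            if ($10 != "") print $10, "configured"; else print $8, "default"
            found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# keyinfo_cached (hypothetical helper): reads gpg-connect-agent output on
# stdin. In "S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> ..." the
# cached flag is "1" when the passphrase is in the agent's memory, else "-".
keyinfo_cached() {
    awk '$1 == "S" && $2 == "KEYINFO" {
            if ($7 == "1") print "cached"; else print "not-cached"
            found = 1
         }
         END { exit (found ? 0 : 1) }'
}

# Report the lifetimes in effect and the cache state for the samples.
for opt in default-cache-ttl max-cache-ttl default-cache-ttl-ssh max-cache-ttl-ssh; do
    printf '%-22s %s\n' "$opt" "$(printf '%s\n' "$GPGCONF_SAMPLE" | effective_ttl "$opt")"
done
printf '%-22s %s\n' "passphrase" "$(printf '%s\n' "$KEYINFO_SAMPLE" | keyinfo_cached)"
```

On a live system the same functions take `gpgconf --list-options gpg-agent` and the agent's KEYINFO reply on stdin. A TTL only bounds how long an entry stays in the running agent's memory, so a "not-cached" result after a reboot is consistent with these settings.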