GPG2 No Longer Caching

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












This just started happening a couple of days ago on Fedora 28. I want GPG to remember my private key passphrase so I can decrypt files without entering the passphrase every time.



If I run gpg2 to decrypt a file after a reboot, I get a passphrase prompt. My laptop is encrypted by LUKS so I do not mind passphrases being cached indefinitely.



Checking settings shows it is set to cache:



$ gpgconf --list-options gpg-agent |grep cache
default-cache-ttl:24:0:expire cached PINs after N seconds:3:3:N:600::34560000
default-cache-ttl-ssh:24:1:expire SSH keys after N seconds:3:3:N:1800::
max-cache-ttl:24:2:set maximum PIN cache lifetime to N seconds:3:3:N:7200::34560000
max-cache-ttl-ssh:24:2:set maximum SSH key lifetime to N seconds:3:3:N:7200::
ignore-cache-for-signing:8:0:do not use the PIN cache when signing:0:0::::
no-allow-external-cache:8:0:disallow the use of an external password cache:0:0::::


The output of



echo "KEYINFO --no-ask <id> Err Pmt Des" | gpg-connect-agent


(from https://unix.stackexchange.com/a/286218/67045)
shows it isn't cached before I put the passphrase in, and is after, however, if I then reboot it is shown as not cached again.



I also looked at this question but seems to be a different issue: GPG Password Caching is Not Working After Two Hours



This worked flawlessly previously and haven't made any changes apart from updating Skype.










share|improve this question





















  • If you reboot the system or restart gpg-agent, the expected behavior is clearing the cache... which is stored in memory, not on disk.... AFAIK... LUKS is protecting data at rest ... as soon as you enter in your LUKS passphrase, the drive is decrypted and the private keys are stored in memory... so LUKS doesn't protect anything that is running... only after the drive is powered down... So, you must have had your key passphrases stored in some key manager somewhere... and that was "entering" in your passphrase, not the gpg-agent.
    – RubberStamp
    Sep 22 at 18:38










  • I remember gpg would not save my password and I had to switch to gpg2 and then I never had to enter it again
    – SilverlightFox
    Sep 22 at 18:45










  • I only mention luks to prevent comments of the opinion of what I'm doing is insecure
    – SilverlightFox
    Sep 22 at 18:46










  • What you describe seems to be a behavior of the program used to enter in your passphrase ... and/or system key manager such as gnome keyring ... AFAIK, gpg-agent doesn't have the ability to store passphrases to disk automatically...
    – RubberStamp
    Sep 22 at 19:09














up vote
0
down vote

favorite












This just started happening a couple of days ago on Fedora 28. I want GPG to remember my private key passphrase so I can decrypt files without entering the passphrase every time.



If I run gpg2 to decrypt a file after a reboot, I get a passphrase prompt. My laptop is encrypted by LUKS so I do not mind passphrases being cached indefinitely.



Checking settings shows it is set to cache:



$ gpgconf --list-options gpg-agent |grep cache
default-cache-ttl:24:0:expire cached PINs after N seconds:3:3:N:600::34560000
default-cache-ttl-ssh:24:1:expire SSH keys after N seconds:3:3:N:1800::
max-cache-ttl:24:2:set maximum PIN cache lifetime to N seconds:3:3:N:7200::34560000
max-cache-ttl-ssh:24:2:set maximum SSH key lifetime to N seconds:3:3:N:7200::
ignore-cache-for-signing:8:0:do not use the PIN cache when signing:0:0::::
no-allow-external-cache:8:0:disallow the use of an external password cache:0:0::::


The output of



echo "KEYINFO --no-ask <id> Err Pmt Des" | gpg-connect-agent


(from https://unix.stackexchange.com/a/286218/67045)
shows it isn't cached before I put the passphrase in, and is after, however, if I then reboot it is shown as not cached again.



I also looked at this question but seems to be a different issue: GPG Password Caching is Not Working After Two Hours



This worked flawlessly previously and haven't made any changes apart from updating Skype.










share|improve this question





















  • If you reboot the system or restart gpg-agent, the expected behavior is clearing the cache... which is stored in memory, not on disk.... AFAIK... LUKS is protecting data at rest ... as soon as you enter in your LUKS passphrase, the drive is decrypted and the private keys are stored in memory... so LUKS doesn't protect anything that is running... only after the drive is powered down... So, you must have had your key passphrases stored in some key manager somewhere... and that was "entering" in your passphrase, not the gpg-agent.
    – RubberStamp
    Sep 22 at 18:38










  • I remember gpg would not save my password and I had to switch to gpg2 and then I never had to enter it again
    – SilverlightFox
    Sep 22 at 18:45










  • I only mention luks to prevent comments of the opinion of what I'm doing is insecure
    – SilverlightFox
    Sep 22 at 18:46










  • What you describe seems to be a behavior of the program used to enter in your passphrase ... and/or system key manager such as gnome keyring ... AFAIK, gpg-agent doesn't have the ability to store passphrases to disk automatically...
    – RubberStamp
    Sep 22 at 19:09












up vote
0
down vote

favorite









up vote
0
down vote

favorite











This just started happening a couple of days ago on Fedora 28. I want GPG to remember my private key passphrase so I can decrypt files without entering the passphrase every time.



If I run gpg2 to decrypt a file after a reboot, I get a passphrase prompt. My laptop is encrypted by LUKS so I do not mind passphrases being cached indefinitely.



Checking settings shows it is set to cache:



$ gpgconf --list-options gpg-agent |grep cache
default-cache-ttl:24:0:expire cached PINs after N seconds:3:3:N:600::34560000
default-cache-ttl-ssh:24:1:expire SSH keys after N seconds:3:3:N:1800::
max-cache-ttl:24:2:set maximum PIN cache lifetime to N seconds:3:3:N:7200::34560000
max-cache-ttl-ssh:24:2:set maximum SSH key lifetime to N seconds:3:3:N:7200::
ignore-cache-for-signing:8:0:do not use the PIN cache when signing:0:0::::
no-allow-external-cache:8:0:disallow the use of an external password cache:0:0::::


The output of



echo "KEYINFO --no-ask <id> Err Pmt Des" | gpg-connect-agent


(from https://unix.stackexchange.com/a/286218/67045)
shows it isn't cached before I put the passphrase in, and is after, however, if I then reboot it is shown as not cached again.



I also looked at this question but seems to be a different issue: GPG Password Caching is Not Working After Two Hours



This worked flawlessly previously and haven't made any changes apart from updating Skype.










share|improve this question













This just started happening a couple of days ago on Fedora 28. I want GPG to remember my private key passphrase so I can decrypt files without entering the passphrase every time.



If I run gpg2 to decrypt a file after a reboot, I get a passphrase prompt. My laptop is encrypted by LUKS so I do not mind passphrases being cached indefinitely.



Checking settings shows it is set to cache:



$ gpgconf --list-options gpg-agent |grep cache
default-cache-ttl:24:0:expire cached PINs after N seconds:3:3:N:600::34560000
default-cache-ttl-ssh:24:1:expire SSH keys after N seconds:3:3:N:1800::
max-cache-ttl:24:2:set maximum PIN cache lifetime to N seconds:3:3:N:7200::34560000
max-cache-ttl-ssh:24:2:set maximum SSH key lifetime to N seconds:3:3:N:7200::
ignore-cache-for-signing:8:0:do not use the PIN cache when signing:0:0::::
no-allow-external-cache:8:0:disallow the use of an external password cache:0:0::::


The output of



echo "KEYINFO --no-ask <id> Err Pmt Des" | gpg-connect-agent


(from https://unix.stackexchange.com/a/286218/67045)
shows it isn't cached before I put the passphrase in, and is after, however, if I then reboot it is shown as not cached again.



I also looked at this question but seems to be a different issue: GPG Password Caching is Not Working After Two Hours



This worked flawlessly previously and haven't made any changes apart from updating Skype.







password gpg gpg-agent






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Sep 22 at 8:27









SilverlightFox

2011413




2011413











  • If you reboot the system or restart gpg-agent, the expected behavior is clearing the cache... which is stored in memory, not on disk.... AFAIK... LUKS is protecting data at rest ... as soon as you enter in your LUKS passphrase, the drive is decrypted and the private keys are stored in memory... so LUKS doesn't protect anything that is running... only after the drive is powered down... So, you must have had your key passphrases stored in some key manager somewhere... and that was "entering" in your passphrase, not the gpg-agent.
    – RubberStamp
    Sep 22 at 18:38










  • I remember gpg would not save my password and I had to switch to gpg2 and then I never had to enter it again
    – SilverlightFox
    Sep 22 at 18:45










  • I only mention luks to prevent comments of the opinion of what I'm doing is insecure
    – SilverlightFox
    Sep 22 at 18:46










  • What you describe seems to be a behavior of the program used to enter in your passphrase ... and/or system key manager such as gnome keyring ... AFAIK, gpg-agent doesn't have the ability to store passphrases to disk automatically...
    – RubberStamp
    Sep 22 at 19:09
















  • If you reboot the system or restart gpg-agent, the expected behavior is clearing the cache... which is stored in memory, not on disk.... AFAIK... LUKS is protecting data at rest ... as soon as you enter in your LUKS passphrase, the drive is decrypted and the private keys are stored in memory... so LUKS doesn't protect anything that is running... only after the drive is powered down... So, you must have had your key passphrases stored in some key manager somewhere... and that was "entering" in your passphrase, not the gpg-agent.
    – RubberStamp
    Sep 22 at 18:38










  • I remember gpg would not save my password and I had to switch to gpg2 and then I never had to enter it again
    – SilverlightFox
    Sep 22 at 18:45










  • I only mention luks to prevent comments of the opinion of what I'm doing is insecure
    – SilverlightFox
    Sep 22 at 18:46










  • What you describe seems to be a behavior of the program used to enter in your passphrase ... and/or system key manager such as gnome keyring ... AFAIK, gpg-agent doesn't have the ability to store passphrases to disk automatically...
    – RubberStamp
    Sep 22 at 19:09















If you reboot the system or restart gpg-agent, the expected behavior is clearing the cache... which is stored in memory, not on disk.... AFAIK... LUKS is protecting data at rest ... as soon as you enter in your LUKS passphrase, the drive is decrypted and the private keys are stored in memory... so LUKS doesn't protect anything that is running... only after the drive is powered down... So, you must have had your key passphrases stored in some key manager somewhere... and that was "entering" in your passphrase, not the gpg-agent.
– RubberStamp
Sep 22 at 18:38




If you reboot the system or restart gpg-agent, the expected behavior is clearing the cache... which is stored in memory, not on disk.... AFAIK... LUKS is protecting data at rest ... as soon as you enter in your LUKS passphrase, the drive is decrypted and the private keys are stored in memory... so LUKS doesn't protect anything that is running... only after the drive is powered down... So, you must have had your key passphrases stored in some key manager somewhere... and that was "entering" in your passphrase, not the gpg-agent.
– RubberStamp
Sep 22 at 18:38












I remember gpg would not save my password and I had to switch to gpg2 and then I never had to enter it again
– SilverlightFox
Sep 22 at 18:45




I remember gpg would not save my password and I had to switch to gpg2 and then I never had to enter it again
– SilverlightFox
Sep 22 at 18:45












I only mention luks to prevent comments of the opinion of what I'm doing is insecure
– SilverlightFox
Sep 22 at 18:46




I only mention luks to prevent comments of the opinion of what I'm doing is insecure
– SilverlightFox
Sep 22 at 18:46












What you describe seems to be a behavior of the program used to enter in your passphrase ... and/or system key manager such as gnome keyring ... AFAIK, gpg-agent doesn't have the ability to store passphrases to disk automatically...
– RubberStamp
Sep 22 at 19:09




What you describe seems to be a behavior of the program used to enter in your passphrase ... and/or system key manager such as gnome keyring ... AFAIK, gpg-agent doesn't have the ability to store passphrases to disk automatically...
– RubberStamp
Sep 22 at 19:09















active

oldest

votes











Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f470678%2fgpg2-no-longer-caching%23new-answer', 'question_page');

);

Post as a guest



































active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes















 

draft saved


draft discarded















































 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f470678%2fgpg2-no-longer-caching%23new-answer', 'question_page');

);

Post as a guest













































































Popular posts from this blog

How to check contact read email or not when send email to Individual?

Displaying single band from multi-band raster using QGIS

How many registers does an x86_64 CPU actually have?