
This just started happening a couple of days ago on Fedora 28. I want GPG to remember my private key passphrase so I can decrypt files without entering the passphrase every time.

If I run gpg2 to decrypt a file after a reboot, I get a passphrase prompt. My laptop is encrypted by LUKS so I do not mind passphrases being cached indefinitely.

Checking settings shows it is set to cache:

$ gpgconf --list-options gpg-agent | grep cache
default-cache-ttl:24:0:expire cached PINs after N seconds:3:3:N:600::34560000
default-cache-ttl-ssh:24:1:expire SSH keys after N seconds:3:3:N:1800::
max-cache-ttl:24:2:set maximum PIN cache lifetime to N seconds:3:3:N:7200::34560000
max-cache-ttl-ssh:24:2:set maximum SSH key lifetime to N seconds:3:3:N:7200::
ignore-cache-for-signing:8:0:do not use the PIN cache when signing:0:0::::
no-allow-external-cache:8:0:disallow the use of an external password cache:0:0::::

The output of

echo "KEYINFO --no-ask <id> Err Pmt Des" | gpg-connect-agent 

(from https://unix.stackexchange.com/a/286218/67045) shows it isn't cached before I put the passphrase in, and is after; however, if I then reboot, it is shown as not cached again.

I also looked at this question, but it seems to be a different issue: GPG Password Caching is Not Working After Two Hours

This worked flawlessly previously and I haven't made any changes apart from updating Skype.

  • If you reboot the system or restart gpg-agent, the expected behavior is clearing the cache... which is stored in memory, not on disk.... AFAIK... LUKS is protecting data at rest ... as soon as you enter in your LUKS passphrase, the drive is decrypted and the private keys are stored in memory... so LUKS doesn't protect anything that is running... only after the drive is powered down... So, you must have had your key passphrases stored in some key manager somewhere... and that was "entering" in your passphrase, not the gpg-agent. Commented Sep 22, 2018 at 18:38
  • I remember gpg would not save my password and I had to switch to gpg2 and then I never had to enter it again Commented Sep 22, 2018 at 18:45
  • I only mention LUKS to prevent comments of the opinion that what I'm doing is insecure Commented Sep 22, 2018 at 18:46
  • What you describe seems to be a behavior of the program used to enter in your passphrase ... and/or system key manager such as gnome keyring ... AFAIK, gpg-agent doesn't have the ability to store passphrases to disk automatically... Commented Sep 22, 2018 at 19:09
  • Strange how it suddenly stopped working in KDE Plasma. I'm guessing seahorse gave up on it for some reason. I'd heard the Fedora 28 version is a bit ropey. In the end I did gpg --edit-key then passwd to remove the passphrase. Commented Oct 14, 2018 at 19:26
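
A small parser for the two diagnostics used in the question, added here as an example and not part of the original post: it reads `gpgconf --list-options` output to show which cache TTL is in effect (configured value versus built-in default) and reads `KEYINFO` status lines to report the cached flag. The function names `effective_ttls` and `keyinfo_cached` are made up for this example, and the KEYINFO sample lines are constructed.

```shell
#!/usr/bin/env bash
# Added example. SAMPLE_OPTIONS is the gpgconf output quoted in the question;
# SAMPLE_KEYINFO is constructed (the keygrips are placeholders).

SAMPLE_OPTIONS='default-cache-ttl:24:0:expire cached PINs after N seconds:3:3:N:600::34560000
default-cache-ttl-ssh:24:1:expire SSH keys after N seconds:3:3:N:1800::
max-cache-ttl:24:2:set maximum PIN cache lifetime to N seconds:3:3:N:7200::34560000
max-cache-ttl-ssh:24:2:set maximum SSH key lifetime to N seconds:3:3:N:7200::
ignore-cache-for-signing:8:0:do not use the PIN cache when signing:0:0::::
no-allow-external-cache:8:0:disallow the use of an external password cache:0:0::::'

SAMPLE_KEYINFO='S KEYINFO AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA D - - 1 P - - -
S KEYINFO BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB D - - - P - - -
OK'

# gpgconf line layout:
#   name:flags:level:description:type:alt-type:argname:default:argdef:value
# Field 10 is the value set in gpg-agent.conf; when it is empty the built-in
# default in field 8 applies.
effective_ttls() {
  awk -F: '$1 ~ /cache-ttl/ {
    if ($10 != "") printf "%s=%s (configured)\n", $1, $10
    else           printf "%s=%s (default)\n", $1, $8
  }'
}

# Agent status line layout:
#   S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> ...
# <cached> is 1 while the passphrase is held in the agent's cache, "-" otherwise.
keyinfo_cached() {
  awk '$1 == "S" && $2 == "KEYINFO" {
    print $3, ($7 == "1" ? "cached" : "not-cached")
  }'
}

printf '%s\n' "$SAMPLE_OPTIONS" | effective_ttls
printf '%s\n' "$SAMPLE_KEYINFO" | keyinfo_cached
# Live use (requires a running agent):
#   gpgconf --list-options gpg-agent | effective_ttls
#   gpg-connect-agent 'keyinfo --list' /bye | keyinfo_cached
```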
