When I run gpg2, I'm prompted for a password every time I use it. Based on my reading of the gpg-agent man pages, I should only be prompted the first time.
> gpg-agent is a daemon to manage secret (private) keys independently from any protocol. It is used as a backend for gpg and gpgsm as well as for a couple of other utilities. The agent is automatically started on demand by gpg, gpgsm, gpgconf, or gpg-connect-agent. Thus there is no reason to start it manually.
>
> ...
>
> --default-cache-ttl n
> Set the time a cache entry is valid to n seconds. The default is 600 seconds. Each time a cache entry is accessed, the entry's timer is reset. To set an entry's maximum lifetime, use max-cache-ttl.
>
> --max-cache-ttl n
> Set the maximum time a cache entry is valid to n seconds. After this time a cache entry will be expired even if it has been accessed recently or has been set using gpg-preset-passphrase. The default is 2 hours (7200 seconds).

If I'm reading this correctly, invoking gpg2 should prompt for a password the first time that I use it, then, if I run it again in the next 600 seconds, I won't be prompted again. Running

    gpg2 --export-secret-keys --armor [email protected] > /dev/null

gives me this:

    ┌────────────────────────────────────────────────────────────────┐
    │ Please enter the passphrase to export the OpenPGP secret key:  │
    │ "John Doe (asdf) <[email protected]>"                          │
    │ 2048-bit RSA key, ID EB7B49EAD38DE665,                         │
    │ created 2018-10-09.                                            │
    │                                                                │
    │                                                                │
    │ Passphrase: _                                                  │
    │                                                                │
    │        <OK>                                    <Cancel>        │
    └────────────────────────────────────────────────────────────────┘

A quick `ps aux` shows that gpg-agent is running:

    ps aux | grep gpg-agent
    jdoe 14089 0.1 0.1 100884 3588 ? SLs 18:50 0:07 /usr/bin/gpg-agent --supervised

Alas, running `gpg2 --export-secret-keys...` again immediately thereafter prompts me for a password again.
A few more details:
- I'm using `pinentry-curses`
- I've got `$GPG_TTY` exported in my `.bashrc`
- `gpg2 --version` -> `gpg (GnuPG) 2.2.4`
- I've read through "Why does gpg ask for password even with gpg-agent?" and "How can I find out what keys gpg-agent has cached? (like how ssh-add -l shows you cached ssh keys)", but I didn't quite follow.
`GPG_AGENT_INFO` set? What happens if you do `gpg2 --use-agent --export-secret-keys ...`.

`$GPG_AGENT_INFO` was not set, but @Kusalananda was correct. Other `gpg2` commands worked without prompting for a password.
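To check directly whether gpg-agent is holding a passphrase in its cache between two `gpg2` runs, the agent's `KEYINFO` status lines can be parsed. This is an added example, not part of the original post; it assumes the field order documented in gpg-agent's `KEYINFO` help, and the keygrips in the sample are constructed placeholders.

```shell
#!/bin/sh
# Added example: report which secret keys have a passphrase in gpg-agent's cache.
# Real input comes from:  gpg-connect-agent 'keyinfo --list' /bye
# Status line layout (per gpg-agent's KEYINFO help, assumed here):
#   S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> ...
# <cached> is "1" when the passphrase is in the cache, "-" otherwise.
# <protection> is "P" (passphrase-protected), "C" (clear) or "-" (unknown).

# Print one line per key: <keygrip> <cached|not-cached> <protected|clear|unknown>
keyinfo_report() {
    awk '
        $1 == "S" && $2 == "KEYINFO" {
            state = ($7 == "1") ? "cached" : "not-cached"
            if ($8 == "P")      prot = "protected"
            else if ($8 == "C") prot = "clear"
            else                prot = "unknown"
            print $3, state, prot
        }
    '
}

# Print the number of keys whose passphrase is currently cached.
cached_count() {
    keyinfo_report | awk '$2 == "cached" { n++ } END { print n + 0 }'
}

# Constructed sample output; the keygrips are made-up placeholders.
sample_keyinfo() {
    cat <<'EOF'
S KEYINFO AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA D - - 1 P - - -
S KEYINFO BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB D - - - P - - -
S KEYINFO CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC D - - - C - - -
OK
EOF
}

# Demo on the constructed sample. Against a live agent, use:
#   gpg-connect-agent 'keyinfo --list' /bye | keyinfo_report
sample_keyinfo | keyinfo_report
```

Running the live pipeline right after a passphrase prompt, and again after `default-cache-ttl` seconds of inactivity, shows whether the entry was cached and when it expired.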