3

I started gpg-agent as follows:

eval `gpg-agent --daemon --preset`

and in this terminal window, used the gpg-preset-passphrase command as recommended:

echo secretpassword | /usr/libexec/gpg-preset-passphrase --preset KEYGRIPID

I then used this answer to verify the password was indeed correctly cached:

echo 'GET_PASSPHRASE --no-ask KEYGRIPID Err Pmt Des'|gpg-connect-agent |
  perl -pe 's/([0-9a-fA-F]{2})/chr(hex $1)/eg'

When I now run gpg to sign or encrypt something, I get prompted for a password. This should not happen.

gpg -u KEYGRIPID --clearsign --batch somefile.txt

<curses-based prompt>

Once I enter the password correctly, and re-run the gpg-sign command, I do not get prompted. This indicates that the password is cached, albeit differently.

gpg version 2.0.14

Community
  • 1
Otheus
  • 5,945
  • 1
  • 22
  • 53

1 Answers1

1

It's not the keygripid but the fingerprint of the key. Here is the reference. Here's a fugly perl script to help you extract the needed values: 

gpg -K --fingerprint | 
perl -lne '$/="\n\n"' \
 -e if ( ($len,$grip,$fp)=/^sec\s+(\w+)\/([0-9A-Z]+).* fingerprint = (.*?)\s+uid\s/ms)' \
 -e { $fp =~ s/\s*//g; print "$grip $fp";}'

outputs:

EF2141BE 24C5202D6905CB0A5C94AB36134E3618EF6141B8
1BA3D65B 484EE4F3DC2595FAF91F51A9731342954BAFD753

Copy the 2nd column and pass that into the preset command

echo secretpassword | /usr/libexec/gpg-preset-passphrase --preset
Otheus
  • 5,945
  • 1
  • 22
  • 53