When I run gpg2, I'm prompted for a password every time I use it.
Based on my reading of the gpg-agent man pages, I should only be
prompted the first time.
gpg-agent is a daemon to manage secret (private)
keys independently from any proto-col. It is
used as a backend for gpg and gpgsm as well as
for a couple of other utilities.
The agent is automatically started on demand
by gpg, gpgsm, gpgconf, or gpg-connect-agent.
Thus there is no reason to start it manually.
...
--default-cache-ttl n
Set the time a cache entry is valid to n
seconds. The default is 600 sec- onds.
Each time a cache entry is accessed, the
entry's timer is reset. To set an entry's
maximum lifetime, use max-cache-ttl.
--max-cache-ttl n
Set the maximum time a cache entry is valid
to n seconds. After this time a cache
entry will be expired even if it has been
accessed recently or has been set using
gpg-preset-passphrase. The default is 2
hours (7200 seconds).
If I'm reading this correctly, invoking gpg2 should prompt for a password the first time that I use it, then, If I run it again in the next 600 seconds, I won't be prompted again. Running
gpg2 --export-secret-keys --armor [email protected] > /dev/null
gives me this:
┌─┐
│ Please enter the passphrase to export the OpenPGP secret key: │
│ "John Doe (asdf) <[email protected]>" │
│ 2048-bit RSA key, ID EB7B49EAD38DE665, │
│ created 2018-10-09. │
│ │
│ │
│ Passphrase: _ │
│ │
│ <OK> <Cancel> │
└─┘
A quick ps aux shows that gpg-agent is running:
ps aux | grep gpg-agent
jdoe 14089 0.1 0.1 100884 3588 ? SLs 18:50 0:07 /usr/bin/gpg-agent --supervised
Alas, running running gpg2 --export-secret-keys... again immediately thereafter prompts me for a password again.
A few more details:
- I'm using
pinentry-curses - I've got
$GPG_TTYexported in my.bashrc gpg2 --version -> gpg (GnuPG) 2.2.4- I've read through Why does gpg ask for password even with gpg-agent? and How can I find out what keys gpg-agent has cached? (like how ssh-add -l shows you cached ssh keys) , but I didn't quite follow.
