Ubuntu – How to cache pgp passphrase permanently with seahorse (14.04)

14.04gnupgpgpseahorse

I am trying to get seahorse-daemon (formerly seahorse-agent) to cache the passphrase for private pgp keys permanently.

I have used dconf-editor to set "gpg-cache-method" to always, but the setting is ignored, seahorse prompts for passphrase entry every time the key is used.

Interestingly I have six machines all running 14.04 with latest updates, and I can't figure out why some of them do cache the passphrase permanently while others don't.

Thanks in advance for any ideas.

Best Answer

To permanently save the a passphrase in the keyring, use seahorse-ssh-askpass from package seahorse:

/usr/lib/seahorse/seahorse-ssh-askpass my_key

Note: You have to have a have the corresponding .pub file in the same directory as the private key (~/.ssh/id_rsa.pub in the example). Also, make sure that the public key is the file name of the private key plus .pub (for example, my_key.pub).

Related Solutions

Ubuntu – How to verify the PGP downloaded signature of the TrueCrypt setup file with Seahorse

I do not think you can do all of the steps with Seahorse and the seahorse plugins do not seem to be maintained beyond 11.04.

Create a gpg key

Start seahorse , under the main menu New -> Create a new GPG key

New gpg key

Fill in the subsequent information and password

Info passwd

2) Download the PGP key from Truecrypt You can do this with any browser, save the file where you wish. For this tutorial I will use Downloads in your home directory.

http://www.truecrypt.org/downloads2

The file is called "TrueCrypt-Foundation-Public-Key.asc"

https://www.truecrypt.org/download/TrueCrypt-Foundation-Public-Key.asc

3) With seahorse, import and sign the key

In the seahorse menu -> File -> Import

Select the truecrypt key ( "TrueCrypt-Foundation-Public-Key.asc" )

Now sign the key as trusted

Under the "other" tab, select the truecrypt key and sign it as trusted

Trust 1

Trust 2

Trust 3

4) Download the truecrypt PGP signature from here, save it in Downloads

http://www.truecrypt.org/downloads

5) As far as I know, you can only verify the signature from the command line

cd ~/Desktop
~/Desktop$ gpg truecrypt-7.1a-linux-x86.tar.gz.sig --verify truecrypt-6.2a-ubuntu-x86.tar.gz

Should yield

gpg: Good signature from "TrueCrypt Foundation "

SSH GnuPG Keyrings – Adjust Default Passphrase Caching Duration for GPG/PGP/SSH Keys

Lauch dconf-editor.
Navigate to desktop - gnome - crypto - cache.
change gpg-cache-method to idle or timeout.
change gpg-cache-ttl to the number of seconds you want the passphrase to be cached.
Restart the gnome-keyring daemon $ gnome-keyring-daemon -r

idle means that the timer is reset each time you use the key before timeout is reached. timeout means that simply the time elapsed since entering the passphrase is considered.

This only works for GPG-keys. Passphrases for SSH-keys are still cached until the end of the session. IMHO this is a bug.

Best Answer

Related Solutions

Ubuntu – How to verify the PGP downloaded signature of the TrueCrypt setup file with Seahorse

SSH GnuPG Keyrings – Adjust Default Passphrase Caching Duration for GPG/PGP/SSH Keys

Related Question