Encrypting a password using gpg without constantly asking for password

gpgpasswordSecurity

I have a service that checks my email regularly, and I use gpg to encrypt my email password. The problem is that every time I lock my computer or after a certain amount of time gpg shows a graphical interface to ask for the password.

Is there a way, even if it's less secure, to have gpg remember my password until I restart my computer? Or perhaps use my log-in password which I have to input anyways to unlock my computer? If that's not possible with gpg, is there another tool that can achieve this?

Best Answer

GPG can not directly be set to keep the password until restart, but you can change the time it caches the passwords to a very long time, e.g. a year. Add the following lines to $GNUPGHOME/gpg-agent.conf ($GNUPGHOME is usually ~/.config/gnupg):

default-cache-ttl 31536000
max-cache-ttl 31536000

This sets the time for caching passphrases to one year (31536000 seconds). default-cache-ttl is the normal caching time, which is reset when the key is used (so on each use it is cached longer), while max-cache-ttl limits the total time including extensions.

Related Solutions

Linux Mint MATE: Disable encrypted volume password dialog

I am not familiar with the application prompting you for a password (gpg has a similar program called gpg-agent), but I would think that "remember forever" would make the password prompt not pop up again (since the password will be remembered).

To see what process is making the pop-up appear, the next time it appears, type in ps auxw in a terminal window and see if any of the processes appear to be a name for a password pop-up application.

Or, you may find someone here who knows the application if you post a screenshot of the password prompt in your question.

How to make the default-cache-ttl option of gpg-agent work

I solved the problem by upgrading gnupg from 1.4 to 2.1 which seemed to simplify a lot the configuration.

However, it generated an error of migration of the secret key between gpg and gpg2.

gpg2 generated the following error message when I was requiring password from pass:

gpg: decryption failed: No secret key

The solution came from this previous issue:

gpg --export [ID] > public.key
gpg --export-secret-keys [ID] > private.key
gpg2 --import public.key
gpg2 --import private.key
rm public.key private.key

with [ID] being the id of my key. It imports correctly the keys from gpg to gpg2.

Finally I rebooted and now my passphrase is cached, which makes me a really happy user of pass.

Best Answer

Related Solutions

Linux Mint MATE: Disable encrypted volume password dialog

How to make the default-cache-ttl option of gpg-agent work

Related Question