Gpg does not ask for password

gpg

I encrypted one file with gpg -c <file> and closed the terminal. After a while, I tried to decrypt it with gpg <file> and it decrypted it, without asking for a password. Is that normal? How to guarantee that gpg will ask for a password, even in my same computer?

Best Answer

This is normal, gpg now uses gpg-agent to manage private keys, and the agent caches keys for a certain amount of time (up to two hours by default, with a ten minute inactivity timeout).

To change the defaults, create or edit a file named ~/.gnupg/gpg-agent.conf, and use the following entries:

default-cache-ttl specifies the amount of time a cache entry is kept after its last use, in seconds (600 by default);
max-cache-ttl specifies the maximum amount of time a cache entry is kept, in seconds (7200 by default).

After changing these, you’ll need to reload the configuration (try sending SIGHUP to gpg-agent, or killing it outright).

Related Solutions

Decrypt files encrypted with gpg using xargs

Run gpg-agent or a similar program. Set up gpg to look for a running agent, as explained in the documentation. Enter the passphrase in the agent once and for all (for this session).

Note that ls | xargs -n 1 gpg only works if your file names do not contain any special characters. Generally speaking, don't parse the output of ls, and xargs is pointless when you want to run the program once per file. Do this instead:

for x in *.gpg; do gpg "$x"; done

What does gpg error code 2(GPG_ERR_UNKNOWN_PACKET) mean

Largely used GPF codes are of three types :

0 is success (all other values indicate a failure).
2 is usually used for unxpected errors.
1 for things like a BAD signature.

The proper way to identify an error is by interpreting the output of --status-fd.

Now for the particular Question that you are using, there might be two reasons :

GPG is asking whether you want to continue on with the encryption using an unsigned key. Since no user can input Y it produces an error.

To fix this provide the following switches :

    --yes and --always-trust

It may also be a permission problem. gpg is trying to access a directory that it can't have access to, so it fails with a fatal error. (error code 2)

You can fix that by specifying a homedir directive with a directory writable by gpg. Like this:

   $cmd = "/usr/bin/gpg -a --recipient $to -e -o $outfile $infile --homedir /path/to/dir";

Information from man gpg:

   --homedir directory
   Set the name of the home directory to directory

    If this option is not used it defaults to "~/.gnupg". It does not make sense to    use     this in a options file. This also overrides the environment variable $GNUPGHOME.

You can also use this link to know more about this one.

Best Answer

Related Solutions

Decrypt files encrypted with gpg using xargs

What does gpg error code 2(GPG_ERR_UNKNOWN_PACKET) mean

Related Question