Make GPG Agent Permanently Store Passphrase


I recently got GPG set up on my Mac:

brew install gpg;
brew install gpg-agent;

And generated a key pair with a passphrase.

I added use-agent to my ~/.gnupg/gpg.conf and allow-preset-passphrase to ~/.gnupg/gpg-agent.conf

I successfully decrypted a file using:

gpg --use-agent --output example.txt --decrypt example.gpg

which prompted me to enter my private key passphrase. The trouble is, when decrypting subsequent files, gpg-agent again prompts me for this passphrase.

Currently, my passphrase is a really long string which is near impossible to type each time. I would like gpg to behave like ssh-agent wherein the passphrase is stored securely and remembered forever (even between sessions).

I understand that this might decrease security if my laptop was compromised, but this inconvenience would probably deter me from using gpg altogether.

I'm not sure if:

default-cache-ttl 31536000
max-cache-ttl 31536000

are the options I'm looking for to store between reboots. There's sadly no man entry for gpg-agent.

How can I make gpg/gpg-agent remember my private key passphrase forever?

Best Answer

You probably don't have the environment variable $GPG_AGENT_INFO set.

What you can do as a temporary measure is run gpg-agent bash (or the shell of your choice) and retry decryption.

In the long run this might just be solved by first logging out and then logging back in to your system, then checking echo $GPG_AGENT_INFO again. If it is there, chances are good that you no longer have to retype your passphrase every time.

Most Linux distributions have hooks for this in place and I expect OSX to be as user friendly; the requirement, of course, being that gpg/gpg-agent is available (installed) before starting your session.
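An added example, not part of the original question or answer: a small audit of a gpg-agent.conf that reports how long an unlocked passphrase can stay in the agent's cache, using the options named in the question. The function names and the sample file are constructed for illustration; the fallback values 600 and 7200 are GnuPG's defaults for default-cache-ttl and max-cache-ttl, and treating the last occurrence of an option as the effective one is an assumption.

```shell
#!/bin/sh
# Added example (hypothetical helper names). gpg-agent keeps cached
# passphrases in memory only, so these limits apply to a running agent.

# conf_value FILE KEY DEFAULT -> value set for KEY, or DEFAULT if unset
conf_value() {
    awk -v key="$2" -v def="$3" '
        $1 ~ /^#/  { next }                 # skip comment lines
        $1 == key  { val = $2; found = 1 }  # assumption: last occurrence wins
        END        { print (found ? val : def) }
    ' "$1"
}

# conf_flag FILE KEY -> "yes" if the bare option appears, else "no"
conf_flag() {
    awk -v key="$2" '$1 == key { f = 1 } END { print (f ? "yes" : "no") }' "$1"
}

# idle_timeout FILE -> seconds an unused entry survives.
# default-cache-ttl restarts on every use; max-cache-ttl is the hard ceiling.
idle_timeout() {
    def=$(conf_value "$1" default-cache-ttl 600)
    max=$(conf_value "$1" max-cache-ttl 7200)
    if [ "$def" -gt "$max" ]; then echo "$max"; else echo "$def"; fi
}

# cache_report FILE -> one-line summary of the passphrase exposure window
cache_report() {
    echo "idle_timeout=$(idle_timeout "$1")s" \
         "absolute_lifetime=$(conf_value "$1" max-cache-ttl 7200)s" \
         "preset_allowed=$(conf_flag "$1" allow-preset-passphrase)"
}

# Constructed sample config using the values from the question.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# ~/.gnupg/gpg-agent.conf (constructed sample)
allow-preset-passphrase
default-cache-ttl 31536000
max-cache-ttl 31536000
EOF

cache_report "$SAMPLE"
```

Point `cache_report` at the real `~/.gnupg/gpg-agent.conf` to see the window during which anything able to reach the agent socket can use the unlocked key.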
