I recently got GPG set up on my Mac:
brew install gpg;
brew install gpg-agent;
And generated a key pair with a passphrase.
I added use-agent to my ~/.gnupg/gpg.conf and allow-preset-passphrase to ~/.gnupg/gpg-agent.conf.
I successfully decrypted a file using:
gpg --use-agent --output example.txt --decrypt example.gpg
which prompted me to enter my private key passphrase. The trouble is, when decrypting subsequent files, gpg-agent again prompts me for this passphrase.
Currently, my passphrase is a really long string which is near impossible to type each time. I would like gpg to behave like ssh-agent, wherein the passphrase is stored securely and remembered forever (even between sessions).
I understand that this might decrease security if my laptop was compromised, but this inconvenience would probably deter me from using gpg altogether.
I'm not sure if:
default-cache-ttl 31536000
max-cache-ttl 31536000
are the options I'm looking for to store between reboots. There's sadly no man entry for gpg-agent.
How can I make gpg/gpg-agent remember my private key passphrase forever?
Best Answer
You probably don't have the environment variable $GPG_AGENT_INFO set. What you can do as a temporary measure is run gpg-agent bash (or the shell of your choice) and retry decryption.
In the long run this might just be solved by first logging out and then logging back in to your system, then check echo $GPG_AGENT_INFO again. If it is there, chances are good that you no longer have to retype your passphrase every time.
Most Linux distributions have hooks for this in place and I expect OSX to be as user friendly, the requirement, of course, being that gpg/gpg-agent is available (installed) before starting your session.
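A diagnostic for the check the answer describes, as an added example that is not part of the original post: it classifies a $GPG_AGENT_INFO value and prints the cache options from the question as found in gpg-agent.conf. It assumes the socket-path:pid:protocol form of $GPG_AGENT_INFO used by GnuPG 2.0 and earlier; the function names conf_value and agent_info_status are hypothetical.

```shell
#!/bin/sh
# Added diagnostic sketch; conf_value and agent_info_status are hypothetical
# helper names, not part of GnuPG.

# Print the value of an option from a gpg-agent.conf style file.
# Prints "set" for a flag without a value (e.g. allow-preset-passphrase),
# "unset" if the option or the file is missing. The last occurrence
# found in the file is the one printed.
conf_value() {
    # $1 = config file, $2 = option name
    [ -r "$1" ] || { echo "unset"; return 0; }
    awk -v k="$2" '
        $1 ~ /^#/ { next }                       # skip comment lines
        $1 == k   { v = ($2 == "" ? "set" : $2) }
        END       { print (v == "" ? "unset" : v) }
    ' "$1"
}

# Classify a GPG_AGENT_INFO value (assumed form: socket-path:pid:protocol).
# Prints one of: unset, malformed, stale, ok
agent_info_status() {
    info=$1
    [ -n "$info" ] || { echo "unset"; return 0; }
    case "$info" in *:*:*) ;; *) echo "malformed"; return 0 ;; esac
    rest=${info%:*}      # drop the protocol field
    pid=${rest##*:}      # agent process id
    sock=${rest%:*}      # socket path (may itself contain colons)
    case "$pid" in ''|*[!0-9]*) echo "malformed"; return 0 ;; esac
    # "ok" only if the socket exists and the agent process can be signalled
    if [ -S "$sock" ] && kill -0 "$pid" 2>/dev/null; then
        echo "ok"
    else
        echo "stale"
    fi
}

# Report for the current session and the user's agent configuration.
conf="${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf"
echo "GPG_AGENT_INFO: $(agent_info_status "${GPG_AGENT_INFO:-}")"
for opt in allow-preset-passphrase default-cache-ttl max-cache-ttl; do
    echo "$opt: $(conf_value "$conf" "$opt")"
done
```

A result of "unset" or "stale" for GPG_AGENT_INFO means gpg in this shell has no running agent to reach through that variable, so no cached passphrase can be reused regardless of the TTL values.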