montagdude
10-24-2018 06:11 PM
gpg2 doesn't ask for passphrase
I use password-store (aka pass) as a password manager. Older versions used to ask for a password when viewing or editing any passwords, but the current version does not. I noticed that this version is using gpg2, and that seems to be the reason. For example, if I do:
Code:
gpg -d ~/.password-store/Internet/slackdocs.gpg
I am prompted for my passphrase. However, if I switch the call to gpg2, I get this:
Code:
gpg2 -d ~/.password-store/Internet/slackdocs.gpg
You need a passphrase to unlock the secret key for
user: "(name and email redacted)"
2048-bit RSA key, ID 276F9293, created 2016-06-11 (main key ID 18CE63C4)
Despite this, it then goes on to decrypt the file without me actually entering the passphrase. I did some research on this, and everything seems to suggest that this can happen due to gpg-agent caching the passphrase, but I don't think that's the case, as none of the posted solutions seem to work. For example, this thread on StackExchange suggests using the --no-use-agent option on older versions of gpg, or
Code:
default-cache-ttl 1
max-cache-ttl 1
in ~/.gnupg/gpg-agent.conf in gpg 2.1+. I am running Slackware64-14.2 (gpg 2.0.13), and with --no-use-agent, I get a warning that the option is obsolete and has no effect. With the changes above in gpg-agent.conf, I get an error that those options are unrecognized. Perhaps I just need to upgrade to a newer version of gpg2 to get this to work? Any advice would be appreciated. I would prefer to be asked for the passphrase every time.
Edit: I also forgot to mention, even right after rebooting, it decrypts the file without asking for the passphrase, so I don't think it is due to gpg-agent caching it.