LinuxQuestions.org
Old 10-24-2018, 07:11 PM   #1
montagdude
Senior Member
 
Registered: Apr 2016
Distribution: Slackware
Posts: 1,613

gpg2 doesn't ask for passphrase


I use password-store (aka pass) as a password manager. Older versions used to ask for a password when viewing or editing any passwords, but the current version does not. I noticed that this version is using gpg2, and that seems to be the reason. For example, if I do:

Code:
gpg -d ~/.password-store/Internet/slackdocs.gpg

I am prompted for my passphrase. However, if I switch the call to gpg2, I get this:

Code:
gpg2 -d ~/.password-store/Internet/slackdocs.gpg

You need a passphrase to unlock the secret key for
user: "(name and email redacted)"
2048-bit RSA key, ID 276F9293, created 2016-06-11 (main key ID 18CE63C4)

Despite this, it then goes on to decrypt the file without me actually entering the passphrase. I did some research on this, and everything seems to suggest that this can happen due to gpg-agent caching the passphrase, but I don't think that's the case, as none of the posted solutions seem to work. For example, this thread on StackExchange suggests using the --no-use-agent option on older versions of gpg, or

Code:
default-cache-ttl 1
max-cache-ttl 1

in ~/.gnupg/gpg-agent.conf in gpg 2.1+. I am running Slackware64-14.2 (gpg 2.0.13), and with --no-use-agent, I get a warning that the option is obsolete and has no effect. With the changes above in gpg-agent.conf, I get an error that those options are unrecognized. Perhaps I just need to upgrade to a newer version of gpg2 to get this to work? Any advice would be appreciated. I would prefer to be asked for the passphrase every time.

Edit: I also forgot to mention, even right after rebooting, it decrypts the file without asking for the passphrase, so I don't think it is due to gpg-agent caching it.

Last edited by montagdude; 10-24-2018 at 07:15 PM.
 
Old 10-24-2018, 07:44 PM   #2
montagdude
I just upgraded gpg2 by building the version from -current (I also had to upgrade libgpg-error, libassuan, and libksba, and install npth). It now brings up the password prompt as expected when decrypting a file. Before I mark this as solved, could anyone confirm the behavior that I am seeing with the default version of gpg2 on Slackware 14.2? It seems like a bug to me.
 
Old 10-24-2018, 07:50 PM   #3
montagdude
By the way, for testing purposes, this command should reload gpg-agent to clear the passphrase from cached memory:

Code:
gpgconf --reload gpg-agent

With the default gpg-2.0.31 on Slackware 14.2, I am not prompted for a passphrase even after running this command. gpg-2.2.10 does prompt for a passphrase.
 
Old 10-26-2018, 11:49 PM   #4
montagdude
Can anyone else confirm this behavior with gpg2 2.0.13? It seems like a significant security issue.
 
Old 10-27-2018, 09:16 AM   #5
Ian M
LQ Newbie
 
Registered: Oct 2017
Posts: 15

I don't know if this helps, but I don't get the same behavior. Running pass or gpg2 directly like in your example, the passphrase is cached for 10 minutes or until I log out, if that's sooner.
The timeout appears to reset every time gpg2 is run though, so after entering the passphrase if you repeatedly run gpg2 at intervals of less than 10 minutes it doesn't seem to clear the cache and doesn't ask for the passphrase.

Code:
gpgconf --reload gpg-agent

Works as expected.

Last edited by Ian M; 10-27-2018 at 09:24 AM.
 
1 members found this post helpful.
Old 10-27-2018, 11:21 AM   #6
montagdude
Alright, thanks for the feedback. I guess it's just something about my system, but at least upgrading gpg2 works for me. I will mark this as solved.
 
Old 10-29-2018, 10:28 PM   #7
montagdude
Well, I did a complete reinstall of Slackware64-14.2, and I'm still having this problem with gpg 2.0.31. I'll upgrade to the newer version again, but it's still strange and worrisome.
 
Old 11-06-2019, 01:04 AM   #8
montagdude
For the sake of anyone who may find this thread while searching, I have some new information to share. When I upgraded from 14.2 to -current, this issue came back, which was surprising since -current has the latest gpg2. (gpg still asks for the password as expected, but gpg2 never does.) I ended up generating a new gpg key, which fixed the problem: with the new key, I am always prompted for the passphrase except during the expected gpg-agent caching interval. I have now re-encrypted all my files with the new key, and hopefully that will solve it for good. I have no idea what it was about the old key that made gpg2 not ask for the password, but if you are experiencing this issue, try generating a new key. All I can think of is that there is some other password/key manager running that has stored the key, but all the ones I know of on my system did not have it stored.
 
1 members found this post helpful.
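
Added example, not part of any post in this thread: a check that separates "the agent has the passphrase cached" from "the key file is stored without passphrase protection", using the status lines gpg-agent 2.1+ returns for `keyinfo --list`. The sample lines and keygrips are constructed, and the verdict labels are this example's own names.

```shell
#!/bin/sh
# Added example: classify gpg-agent KEYINFO status lines (gpg-agent 2.1+ format):
#   S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> ...
#   cached:     1 = passphrase is in the agent cache, - = not cached
#   protection: P = passphrase-protected, C = not protected, - = unknown
# Live input:  gpg-connect-agent 'keyinfo --list' /bye | classify_keyinfo

classify_keyinfo() {
    # Reads status lines on stdin, prints "<keygrip> <verdict>" for each key.
    awk '$1 == "S" && $2 == "KEYINFO" {
        cached = $7; prot = $8
        if (prot == "C")        verdict = "UNPROTECTED"      # never prompts
        else if (cached == "1") verdict = "CACHED"           # no prompt until TTL expires
        else if (prot == "P")   verdict = "PROMPT_EXPECTED"  # next use should prompt
        else                    verdict = "UNKNOWN"
        print $3, verdict
    }'
}

count_no_prompt() {
    # Number of keys that can be used right now without a passphrase prompt.
    classify_keyinfo | grep -c -E ' (UNPROTECTED|CACHED)$' || true
}

# Constructed sample output (keygrips are placeholders, not real keys).
SAMPLE='S KEYINFO 0000000000000000000000000000000000000001 D - - - P - - -
S KEYINFO 0000000000000000000000000000000000000002 D - - 1 P - - -
S KEYINFO 0000000000000000000000000000000000000003 D - - - C - - -
OK'

printf '%s\n' "$SAMPLE" | classify_keyinfo
echo "usable without a prompt: $(printf '%s\n' "$SAMPLE" | count_no_prompt)"
```

Run it right after `gpgconf --reload gpg-agent`: a key that still does not report PROMPT_EXPECTED is not explained by passphrase caching. On gpg 2.1+, `gpg2 --with-keygrip -K` shows which keygrip belongs to which key.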
  

