Distribution: antiX, Mageia, OpenSUSE, etc... I multi-boot
gpg2 caches passphrase in OpenSuSE 11.4
Hello. I'm sort of an old "flatulation" in that I'm kinda set in my ways. Most of which don't happen to be the way everybody else seems to want things. And how I feel about needing to repetitively enter passwords and passphrases is one of them. I've been using gpg for years. Heck I even set a couple of :map key lines in my ~/.vimrc to automatically replace the file contents with a clearsigned version of them. I ONLY ever invoke gpg in terminal windows such as konsole and on virtual consoles such as tty1.
I also have embedded gpg commands in a few bash scripts.
Now it never bothers me when I can verify a signed file is intact without using my passphrase. Nor do I really want to have to enter the passphrase for a shell script to automatically encrypt a file. But when it comes to signing a file, the passphrase is the only way to ensure that I'm actually the one at the keyboard, "signing" the file. And to decrypt anything I thought sensitive, or private enough to bother encrypting in the first place, absolutely. In fact I expect to have to enter the passphrase every single time I invoke gpg to either sign or decrypt a file. Even if I just decrypted or signed something a few seconds ago. (during those few seconds I might have had to go answer the door and possibly forgot to lock my PC...)
So it really bothers me that gpg2, as implemented in OpenSuSE 11.4, is insisting on either storing the passphrase in some cache, or storing the fact that I previously entered it at some pinentry prompt... That is to say, once I successfully enter the passphrase, I can decrypt another without being prompted for my passphrase again for several minutes.
And I can't figure out how to configure gpg2 to ALWAYS require a NEW authentication each and every time it either signs or decrypts a file. Is this still possible? Cause as it is I'm thinking of uninstalling gpg2 from my OpenSuSE.
--no-use-agent
This is dummy option. gpg2 always requires the agent.
It's gpg-agent that is caching your key. And it appears gpg2 requires gpg-agent to be running. Best I can suggest is to dig around on your system for a way to tweak the gpg-agent settings. Make the cache expire in 1 second or so.
That's why I started this thread. I can't find what to tweak where to get gpg2 (and/or gpg-agent) to behave as much like gpg1 as it does on my other up to date Linux installations. {My Desktop multi-boots OpenSuSE, Ubuntu, PCLinuxOS, Arch, & Sabayon.} But it's only on OpenSuSE that I see this behavior, and I can't find a significant difference in the user settings.
I'm not a gpg expert. I barely understand enough of the docs to use the few features I bother with. Most of the documentation might as well be in Greek. And I'm talking about GPG1. When I try to understand what they did with gpg2, well, it reminds me of why I haven't embraced grub2 yet {except that I did learn something about grub2 from an on-line discussion I tripped over about how to get it to use LABEL=unique-label instead of UUID=gibberish...}
But getting back to gpg2, I was hoping that somebody here might know how to either disable this caching behavior, or at least cause the cache involved to expire in less than 10 seconds.
But wherever this setting is, I can't find it. {sigh}
Distribution: antiX, Mageia, OpenSUSE, etc... I multi-boot
Original Poster
The caching issue was a tough egg to crack. It seems that the component responsible for that was gpg-agent.
I had suspected as much and had previously extracted the following from
man gpg-agent:
Code:
OPTIONS
--options file
Reads configuration from file instead of from the default per-
user configuration file. The default configuration file is
named ‘gpg-agent.conf’ and expected in the ‘.gnupg’ directory
directly below the home directory of the user.
And:
Code:
--default-cache-ttl n
Set the time a cache entry is valid to n seconds. The default
is 600 seconds.
But this didn't seem to work because when I created the file:
~/.gnupg/gpg-agent.conf
with this line in it:
--default-cache-ttl 5
gpg-agent complained about an invalid option...
However I finally tripped over this in a google search:
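Added example, not part of the original post and not the search result the poster refers to: GnuPG configuration files take the long option name without the leading `--` used on the command line, which is why a line such as `--default-cache-ttl 5` in gpg-agent.conf is rejected. The helper names `lint_agent_conf` and `set_agent_opt` and the temporary file are assumptions for illustration; `max-cache-ttl` is a second real gpg-agent option that the thread does not mention.

```shell
#!/bin/sh
# Added example: lint and repair a gpg-agent.conf that uses command-line
# style "--option" lines. Works on a temporary file, not on ~/.gnupg.

# Print "lineno:line" for every option line that starts with dashes.
# Returns non-zero when the file is clean (grep found nothing).
lint_agent_conf() {
    grep -nE '^[[:space:]]*--' "$1"
}

# Set "name value" in file $1. Any existing line for that option, dashed
# or not, is dropped first, so repeated calls leave exactly one entry.
set_agent_opt() {
    _f=$1 _name=$2 _value=$3
    _tmp=$(mktemp) || return 1
    if [ -f "$_f" ]; then
        grep -vE "^[[:space:]]*(--)?$_name([[:space:]]|\$)" "$_f" > "$_tmp" || true
    fi
    printf '%s %s\n' "$_name" "$_value" >> "$_tmp"
    mv "$_tmp" "$_f" && chmod 600 "$_f"
}

demo() {
    _conf=$(mktemp) || return 1
    # Constructed input: the exact line quoted in the post.
    printf '%s\n' '--default-cache-ttl 5' > "$_conf"
    echo "rejected lines:"
    lint_agent_conf "$_conf" || true
    # default-cache-ttl restarts on every use of the cached entry;
    # max-cache-ttl caps the total lifetime, so set both.
    set_agent_opt "$_conf" default-cache-ttl 5
    set_agent_opt "$_conf" max-cache-ttl 5
    echo "corrected file:"
    cat "$_conf"
    rm -f "$_conf"
}

demo
# On a real system, point the helpers at ~/.gnupg/gpg-agent.conf and then
# have the running agent re-read its configuration:
#   gpgconf --reload gpg-agent
```
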