How can I get GPG Agent to cache my password?

rdegges Published at Dev

rdegges

I'm a developer, and I commonly sign my Git commits with my GPG key. I've been able to get GPG Agent working properly on OSX so that it only asks me for my password once per day, but I'm having problems getting the same thing working on Ubuntu 16.04.

Here's what I'm doing:

I've got my GPG keys setup / etc.
I'm in a Git directory.
I add some files to Git.

I then go to commit them (git commit), and get a GPG password request that looks like this:

$ git ci

You need a passphrase to unlock the secret key for
user: "Randall Degges <[email protected]>"
4096-bit RSA key, ID 8F700DA2, created 2016-04-05

[master 1740961] blah
 1 file changed, 1 insertion(+)

The problem is: every single time I do a commit, I'm re-prompted for my GPG password again.

What I'd like to do is configure GPG Agent to cache my password for 1 full day, so it only needs to be entered once.

I've read through tons of documentation and blog posts, and here's what I've tried so far...

First, I modified my ~/.zshrc file (I use zsh) to set the following:

# GPG Agent
export GPG_TTY=$(tty)
export GPGKEY=8F700DA2

Now, from what I read, this alone should do the trick after restarting gpg-agent, but it does not.

So, the next thing I did was I defined a ~/.gnupg/gpg-agent.conf file as explained in the man gpg-agent page:

# Set the default cache time to 1 day.
default-cache-ttl       86400
default-cache-ttl-ssh   86400

# Set the max cache time to 30 days.
max-cache-ttl           2592000
max-cache-ttl-ssh       2592000

This also has no effect.

I've also tried various blog methods, etc., but nothing seems to work. Can someone give me some pointers to things I might be missing?

Jens Erat

In addition to setting up the cache times in gpg-agent.conf, you also have to make sure GnuPG is actually interfacing the gpg-agent. GnuPG 2 and upwards generally does, but the GnuPG 1 branch does not. By default git is using the gpg binary, which (at the time of writing this answer) still is GnuPG 1, while GnuPG 2 is installed as gpg2 on most systems.

In the end, you have two possibilities:

set up git to use gpg2 by changing the git configuration:
```
git config --global gpg.program gpg2
```
set up gpg(GnuPG 1) to use gpg-agent by adding use-agent to gpg.conf

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at2021-03-25

Comments

0 comments

From Dev

Related Related

Article