gpg-agent: Different TTLs for different keys

Peter S. May me at psmay.com
Wed Mar 14 19:03:06 CET 2007


I had a workaround in mind that involved using multiple homedirs (one in
~/.gnupg and the other in ~/.backup-system2/crypto/gnupg) and then
spinning up one gpg-agent for each, using the first one's GPG_AGENT_INFO
in the normal shells and the other in the backup scripts only.  To get
the passphrase cached the first time, I'd steal this page from Gentoo's
keychain script:

# The alternate GPG_AGENT_INFO and GNUPGHOME have already been imported
echo | gpg --use-agent --no-tty --sign --local-user backup \
-o - >/dev/null 2>&1

I'll be working on that.

In the meantime, it would be kind of a nice option, and I don't think
it's quite as complex as the issue you mentioned (though I could be wrong).

Thanks
PSM

Werner Koch wrote:
> On Wed, 14 Mar 2007 15:09, me at psmay.com said:
> 
>> I want to set gpg-agent to handle both, but the TTL on the e-mail key
>> should be 5 minutes and the TTL on the backup key should be indefinite
>> (I should only have to enter it every time I boot).  Is there a way to
>> do this?
> 
> No.  Or not yet.  It is related to https://bugs.g10code.com/gnupg/issue672.
> 
> 
> 
> Shalom-Salam,
> 
>    Werner
> 
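
Added example, not part of the original post or of GnuPG: the two-homedir workaround described above, written as per-homedir gpg-agent.conf files. It assumes GnuPG 2.1 or later, where each home directory gets its own agent and GPG_AGENT_INFO is no longer used; the function names and TTL values are this example's own.

```shell
#!/bin/sh
# Added example: one GnuPG home directory per key, each with its own agent
# cache TTLs. Assumes GnuPG 2.1+ (per-homedir agent, no GPG_AGENT_INFO).

# Write gpg-agent.conf into homedir $1: idle TTL $2, hard limit $3 (seconds).
write_agent_conf() {
    home=$1 idle_ttl=$2 max_ttl=$3
    for v in "$idle_ttl" "$max_ttl"; do
        case $v in
            ''|*[!0-9]*) echo "TTL must be whole seconds: '$v'" >&2; return 2 ;;
        esac
    done
    # max-cache-ttl is a hard limit, so a larger idle TTL would never apply.
    if [ "$idle_ttl" -gt "$max_ttl" ]; then
        echo "idle TTL $idle_ttl exceeds max TTL $max_ttl" >&2
        return 2
    fi
    # Private keys live here: keep the directory and config owner-only.
    mkdir -p "$home" && chmod 700 "$home" || return 1
    ( umask 077
      printf 'default-cache-ttl %s\nmax-cache-ttl %s\n' "$idle_ttl" "$max_ttl" \
          > "$home/gpg-agent.conf" )
}

# Print the value of option $2 from the gpg-agent.conf in homedir $1.
conf_value() {
    awk -v k="$2" '$1 == k { print $2 }' "$1/gpg-agent.conf"
}

# Stop the agent of homedir $1; it restarts on next use with the new TTLs.
reload_agent() {
    GNUPGHOME=$1 gpgconf --kill gpg-agent
}

# Cache the passphrase of key $2 in homedir $1 once (the priming command
# from the post, without --use-agent, which is obsolete in GnuPG 2.1+).
prime_cache() {
    echo | GNUPGHOME=$1 gpg --no-tty --sign --local-user "$2" -o - >/dev/null 2>&1
}

# Usage (paths from the post; TTL values are constructed for this example):
#   write_agent_conf "$HOME/.gnupg" 300 7200                  # e-mail key: 5 min idle
#   write_agent_conf "$HOME/.backup-system2/crypto/gnupg" 34560000 34560000
#   reload_agent "$HOME/.backup-system2/crypto/gnupg"
#   prime_cache  "$HOME/.backup-system2/crypto/gnupg" backup  # once after boot
# Backup scripts then export GNUPGHOME to the second directory; the cache is
# held in agent memory only, so a reboot always clears it.
```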

