gpg-agent automatically use passphrase for signing subkey?

[Charly Avital]

Chris Poole
<CAF=P9QD+TpgrPnLKK9QR9eFHSLgCOo8T3DtjUzrBi+bVsiSS-Q at mail.gmail.com>
wrote on 7/21/11 2:51:42 PM:
> Hi
> 
> I have a program

Which version of GnuPG are you running, and where did you download it
from, please? Just for information.

 which encrypts and signs files; I supply the same key
> ID for both operations, the 'primary ID'.
> 
> My key actually consists of the main key and two subkeys, for
> encryption and signing.


This is the information pertaining to the key whose key ID is mentioned
in your e-mail:

pub 1024D/BAD246F9  created: 2006-03-31  expires: never     usage: SC
                     trust: unknown       validity: unknown
sub  2048D/7ED39759  created: 2010-12-11  expires: never     usage: S
sub  4096g/E71D7B3E  created: 2006-03-31  expires: never     usage: E
[ unknown] (1). Chris Poole <chris at chrispoole.com>
[ unknown] (2)  Chris Poole <lists at chrispoole.com>

> I'm using gpg-agent to cache my passphrase.
> 
> I get asked for my passphrase (pinentry screen) once for the
> encryption key, and then again, for the signing key.


You are asked for your passphrase once for *decrypting* an e-mail that
has been encrypted using your public key; and then once again to sign an
e-mail. In other words, when you need to use your secret key.

> Can I instruct the agent to give the passphrase for any subkey? Given
> that they're both subkeys, the passphrases are the same.

gpg-agent *caches* your passphrase (in encrypted form) for each of the
two operations described above.

The passphrase remains cached (you are not requested to type it again)
for the value in seconds set in ~/.gnupg/gpg-agent.conf - You can edit
that file (gpg-agent.conf) with a suitable text editor (like TextEdit
that is a part of MacOSX, or with BBEdit light (freeware).

Best regards,
Charly
OSX 10.7 (11A511) MacBook Intel C2Duo 2GHz-GnuPG 1.4.11-MacGPG2-2.0.17
Shredder 8.0a1 (2011-07-21)  Enigmail 1.3a1pre (20110717-1422)