gpg-agent automatically use passphrase for signing subkey?
shavital at mac.com
Thu Jul 21 16:42:23 CEST 2011
<CAF=P9QD+TpgrPnLKK9QR9eFHSLgCOo8T3DtjUzrBi+bVsiSS-Q at mail.gmail.com>
wrote on 7/21/11 2:51:42 PM:
> I have a program
Which version of GnuPG are you running, and where did you download it
from, please? Just for information.
which encrypts and signs files; I supply the same key
> ID for both operations, the 'primary ID'.
> My key actually consists of the main key and two subkeys, for
> encryption and signing.
This is the information pertaining to the key whose key ID is mentioned
in your e-mail:
pub 1024D/BAD246F9 created: 2006-03-31 expires: never usage: SC
trust: unknown validity: unknown
sub 2048D/7ED39759 created: 2010-12-11 expires: never usage: S
sub 4096g/E71D7B3E created: 2006-03-31 expires: never usage: E
[ unknown] (1). Chris Poole <chris at chrispoole.com>
[ unknown] (2) Chris Poole <lists at chrispoole.com>
> I'm using gpg-agent to cache my passphrase.
> I get asked for my passphrase (pinentry screen) once for the
> encryption key, and then again, for the signing key.
You are asked for your passphrase once for *decrypting* an e-mail that
has been encrypted using your public key; and then once again to sign an
e-mail. In other words, when you need to use your secret key.
> Can I instruct the agent to give the passphrase for any subkey? Given
> that they're both subkeys, the passphrases are the same.
gpg-agent *caches* your passphrase (in encrypted form) for each of the
two operations described above.
The passphrase remains cached (you are not requested to type it again)
for the value in seconds set in ~/.gnupg/gpg-agent.conf - You can edit
that file (gpg-agent.conf) with a suitable text editor (like TextEdit
that is a part of MacOSX, or with BBEdit light (freeware).
OSX 10.7 (11A511) MacBook Intel C2Duo 2GHz-GnuPG 1.4.11-MacGPG2-2.0.17
Shredder 8.0a1 (2011-07-21) Enigmail 1.3a1pre (20110717-1422)
More information about the Gnupg-users