Where to save passphrases?

Mathias Bauer mbauer at mailbox.org
Sat Jul 26 13:43:36 CEST 2014


* Sudhir Khanger wrote on Sat, 26 Jul 2014, at 13:49 (+0530):

> Is using some single-sign-on method, like keychain or pam, to
> keep gpg passphrase cached in gpg-agent for the length of user
> session, so that one doesn't have to enter gpg key passphrase
> every time one is sending an email, considered a common
> practice? Or does that again fall in risky behavior category?

You know your working scenarios, we on this mailing list don't
(at least as long as you don't give more details).  So it's only
you who can evaluate these and who must decide finally.  As
always, the evaluation of the scenarios comes first, the
selection of the means (software) to face them comes afterwards.

I think you should invest some time to go through the man pages
of all the commands you intend to use.  For example gpg-agent(1):

  --default-cache-ttl n
      Set the time a cache entry is valid to n seconds.  The
      default is 600 seconds.
  --max-cache-ttl n
      Set the maximum time a cache entry is valid to n seconds.
      After this time a cache entry will be expired even if it
      has been accessed recently.  The default is 2 hours (7200
      seconds).

If unsure, keep using the defaults.

Regards,
Mathias

-- 
CAcert Assurer

Do you want to encrypt your mail?  Then join CAcert and get your SSL
certificate from https://www.CAcert.org.  If you have any questions,
don't hesitate to ask.

OpenPGP:  ID 0x44C3983FA7629DE8 - http://www.sks-keyservers.net
Fingerprint: B100 5DC4 9686 BE64 87E9  0E22 44C3 983F A762 9DE8
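
The two gpg-agent options quoted in the message above interact: each use of the cached passphrase restarts the default-cache-ttl timer, while max-cache-ttl is a hard limit counted from when the passphrase was entered. The following is an added example, not part of the original message and not GnuPG code. It is a simplified model of that behaviour, and the function names, sample configuration and usage times are constructed for illustration.

```python
# Simplified model of gpg-agent passphrase caching (illustration only).
DEFAULT_CACHE_TTL = 600   # seconds, default quoted from gpg-agent(1)
MAX_CACHE_TTL = 7200      # seconds, default quoted from gpg-agent(1)


def parse_agent_conf(text):
    """Return (default_ttl, max_ttl) from gpg-agent.conf style text.

    In the config file, options are written without the leading dashes.
    """
    ttl = {"default-cache-ttl": DEFAULT_CACHE_TTL,
           "max-cache-ttl": MAX_CACHE_TTL}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop comments
        if len(parts) == 2 and parts[0] in ttl:
            ttl[parts[0]] = int(parts[1])
    return ttl["default-cache-ttl"], ttl["max-cache-ttl"]


def prompts(use_times, default_ttl, max_ttl):
    """Return the use times (seconds) at which the passphrase is asked for."""
    asked = []
    created = last = None
    for t in use_times:
        cached = (created is not None
                  and t < last + default_ttl     # idle timer, reset on use
                  and t < created + max_ttl)     # hard limit since entry
        if not cached:
            asked.append(t)
            created = t
        last = t
    return asked


if __name__ == "__main__":
    # Constructed scenario: one signed mail every 500 s for three hours.
    mails = list(range(0, 3 * 3600, 500))
    # Constructed config that keeps the passphrase for an 8 hour session.
    session_conf = "default-cache-ttl 28800\nmax-cache-ttl 28800\n"
    print("defaults:      ", prompts(mails, *parse_agent_conf("")))
    print("session-length:", prompts(mails, *parse_agent_conf(session_conf)))
    print("sparse use:    ", prompts([0, 900], *parse_agent_conf("")))
```

With the defaults, steady use still leads to a second prompt once the two-hour limit passes, and a pause longer than ten minutes leads to a prompt on the next use; the session-length values trade those prompts for a passphrase that stays in the agent's memory for the whole session.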