Is gpg-agent passphrase status query possible?

Cpp tzornik at gmail.com
Thu Oct 30 23:14:12 CET 2014


Hey!

I use gpg to store my password-protected private key(s) and some
public keys, but there is also gpg-agent daemon that is used to act as
a backend (key and password manager) to certain applications. I have
configured this agent to remember the secret key passphrase for 15
minutes and then forget it. If the passphrase has been entered
recently, the provided encrypted files will automatically decrypt. If
not, then either the command line will prompt me for a passphrase or
the gtk pinentry will pop up. Is there a way to "query" gpg-agent to
see whether a correct passphrase has been recently entered for a
particular secret key, and has not yet been forgotten?

Basically I use Thunderbird with Enigmail to manage encrypted email,
and I find it extremely annoying when each and every time the pinentry
pops up when I accidentally click an encrypted email. Since I use a
long passphrase I find it a nuisance to have to either type it in or
close the pinentry window each time. So was hoping there is a "query"
feature in gpg-agent that an application like enigmail can use to see,
if a particular secret key is unlocked (and it must not trigger any
prompts/popups like gtk-pinentry).

Currently enigmail attempts to automatically decrypt each and every
encrypted email upon opening it regardless of whether a secret key has
been unlocked or not. There's an option to disable this automatic
decryption, but that forces the user to manually decrypt every email,
which is again an annoyance. I was hoping to see a behavior where the
emails are only automatically decrypted, if the correct secret key is
currently unlocked in gpg-agent, else nothing happens (no pinentry
popups!). The user must click the "decrypt" button, enter the key
once, and all emails decrypt so long as the secret key remains
unlocked in gpg-agent.

Thanks
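An added example, not part of the original post and not Enigmail's or GnuPG's own code, of how the "is this key unlocked?" query asked above can be answered against gpg-agent. It assumes the GnuPG 2.1+ Assuan `KEYINFO --list` command (reachable through `gpg-connect-agent`), whose status lines have the layout `S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> <fpr> <ttl> <flags>` with `<cached>` equal to `1` when the passphrase is in the agent's cache; KEYINFO only reports state and never invokes pinentry. The keygrips in the sample output are constructed, and the parsing is separated from the agent call so it can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes GnuPG 2.1+ agent
# KEYINFO status lines of the form:
#   S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> <fpr> <ttl> <flags>
# where <cached> is "1" when the passphrase is held in the agent cache and "-" otherwise.

# Print the keygrips whose passphrase is currently cached.
# Reads KEYINFO status lines from stdin so it can be tested on constructed output.
cached_keygrips() {
    awk '$1 == "S" && $2 == "KEYINFO" && $7 == "1" { print $3 }'
}

# Exit 0 if the given keygrip is cached, 1 otherwise. Reads status lines on stdin.
is_cached() {
    grip="$1"
    cached_keygrips | grep -qx "$grip"
}

# Ask the running agent for the cache state of every known secret key.
# KEYINFO only reports state; it does not trigger a pinentry prompt.
query_agent() {
    gpg-connect-agent 'KEYINFO --list' /bye
}

# Constructed sample agent output (fake keygrips): the first key is cached, the second is not.
SAMPLE='S KEYINFO 1111111111111111111111111111111111111111 D - - 1 P - - -
S KEYINFO 2222222222222222222222222222222222222222 D - - - P - - -
OK'

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$SAMPLE" | cached_keygrips
```

In use, a mail client would run `query_agent | is_cached <keygrip>` before attempting decryption and skip the attempt when it fails, which gives exactly the "decrypt only if already unlocked, otherwise do nothing" behaviour described above. The keygrip of a secret key can be read from `gpg --with-keygrip -K` (also GnuPG 2.1+, an assumption on the reader's version, since this thread predates that release).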


