caching of passphrase is not working in windows, gpg agent version 2.2.23

Werner Koch wk at gnupg.org
Tue Nov 24 08:53:55 CET 2020


On Mon, 23 Nov 2020 09:18, surender singh pawar said:

> 4.      from powershell started agent
>
> "$gpgPath\bin\gpg-connect-agent.exe" reloadagent /bye

Why do you do this?  The import operation already started the agent.  In
any case to explicitly start the agent please use

  gpgconf --launch gpg-agent

> "$gpgPath\bin\gpg-preset-passphrase.exe" -v -c -P "$pgpPassphrase"

You need to add the keygrip to the invocation; from the man page:

  gpg-preset-passphrase [options] [command] cacheid

       cacheid is either a 40 character keygrip of hexadecimal
       characters identifying the key for which the passphrase should be
       set or cleared.  The keygrip is listed along with the key when
       running the command: gpgsm --with-keygrip --list-secret-keys.
       Alternatively an arbitrary string may be used to identify a
       passphrase; it is suggested that such a string is prefixed with
       the name of the application (e.g. foo:12346).  Scripts should
       always use the option --with-colons, which provides the keygrip
       in a "grp" line (cf. ‘doc/DETAILS’).

Thus something like

  gpg-preset-passphrase -vcP "$pgpPassphrase" 00112233445566778898aabbccddeeff

You should also review your architecture and the attack tree: Why use a
passphrase at all (with its KDF induced delays) if you put it into a
script.  Better remove the passphrase from the key.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
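The steps from the reply above, put together as a script. This is an added example, not code from the thread or from the GnuPG project. It assumes gpg, gpgconf, gpg-connect-agent and gpg-preset-passphrase are on PATH and that gpg-agent.conf contains "allow-preset-passphrase" (the agent rejects presets otherwise). The key id, passphrase file and the SAMPLE_COLONS listing are constructed for illustration. Two points the script makes explicit: every key and subkey has its own keygrip and its own cache slot, so the subkey that actually signs or decrypts needs its own preset, and the passphrase is fed through stdin rather than -P, which (as the man page notes) makes it visible to other users in the process list. Preset entries survive until --forget, max-cache-ttl, or an agent restart or reload, so a "reloadagent" issued after presetting throws the entry away again.

```shell
#!/bin/sh
# Added example (not from the thread): preset the passphrase for a GnuPG secret
# key by keygrip.  Assumes gpg/gpgconf/gpg-connect-agent/gpg-preset-passphrase
# on PATH and "allow-preset-passphrase" in gpg-agent.conf.  Key ids, the
# passphrase file and SAMPLE_COLONS are constructed, not real data.

# Parse `gpg --with-colons --with-keygrip --list-secret-keys` output (stdin) and
# print one "TYPE CAPS KEYGRIP" line per key and subkey.  A "grp" record carries
# the keygrip in field 10 and belongs to the preceding "sec"/"ssb" record, whose
# capability letters (s, e, a, c) sit in field 12 (doc/DETAILS).  "fpr" records
# also have a 40-char hex field 10, so the record type is checked, not the shape.
keygrips_from_colons() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" { type = $1; caps = $12 }
        $1 == "grp" && length($10) == 40 && $10 ~ /^[0-9A-Fa-f]*$/ {
            print type, caps, $10
        }'
}

# Parse `gpg-connect-agent "KEYINFO <grip>" /bye` output (stdin) and print the
# cached flag for that keygrip: "1" when the passphrase is in the agent cache,
# "-" when it is not, "?" when the agent did not report the key at all.
# KEYINFO line layout: S KEYINFO <grip> <type> <serialno> <idstr> <cached> ...
keyinfo_cached_flag() {
    awk -v grip="$1" '
        $1 == "S" && $2 == "KEYINFO" && $3 == grip { print $7; found = 1 }
        END { if (!found) print "?" }'
}

# preset_passphrase_for_key KEYID PASSFILE
# Seeds the agent cache for every keygrip of KEYID.  The passphrase comes from a
# mode-0600 file on gpg-preset-passphrase's stdin; -P would put it on the
# command line where other users can read it from the process list.
preset_passphrase_for_key() {
    key=$1; passfile=$2
    gpgconf --launch gpg-agent || return 1
    gpg --batch --with-colons --with-keygrip --list-secret-keys "$key" \
      | keygrips_from_colons \
      | while read -r type caps grip; do
            # Presetting only the primary key leaves a signing or encryption
            # subkey locked, which shows up as "caching is not working".
            gpg-preset-passphrase --preset "$grip" < "$passfile" \
              || { echo "preset failed for $type [$caps] $grip" >&2; exit 1; }
            flag=$(gpg-connect-agent --no-autostart "KEYINFO $grip" /bye \
                     | keyinfo_cached_flag "$grip")
            echo "$type [$caps] $grip cached=$flag"
        done
}

# forget_passphrase_for_key KEYID
# Drop the entries again when the job is done so the unlocked key does not
# outlive the script (max-cache-ttl still bounds preset entries regardless).
forget_passphrase_for_key() {
    gpg --batch --with-colons --with-keygrip --list-secret-keys "$1" \
      | keygrips_from_colons \
      | while read -r type caps grip; do
            gpg-preset-passphrase --forget "$grip" || exit 1
        done
}

# Constructed sample of the colon listing for one primary key with an
# encryption subkey (values are made up; shape follows doc/DETAILS).
SAMPLE_COLONS='sec:u:3072:1:0123456789ABCDEF:1606118400:::u:::scESC:::+:::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
grp:::::::::00112233445566778899AABBCCDDEEFF00112233:
uid:u::::1606118400::0011223344556677889900AABBCCDDEEFF001122::Example User <user@example.com>::::::::::0:
ssb:u:3072:1:FEDCBA9876543210:1606118400::::::e:::+:::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
grp:::::::::FFEEDDCCBBAA99887766554433221100FFEEDDCC:'

# Usage:  sh preset.sh demo
#         sh preset.sh preset <keyid> <passfile>
#         sh preset.sh forget <keyid>
case "${1:-}" in
    demo)   printf '%s\n' "$SAMPLE_COLONS" | keygrips_from_colons ;;
    preset) [ $# -eq 3 ] || { echo "usage: preset <keyid> <passfile>" >&2; exit 2; }
            preset_passphrase_for_key "$2" "$3" ;;
    forget) [ $# -eq 2 ] || { echo "usage: forget <keyid>" >&2; exit 2; }
            forget_passphrase_for_key "$2" ;;
esac
```

Running it with `demo` prints two lines, one for the primary key (caps scESC) and one for the encryption subkey (caps e), each with its own keygrip; those are the two ids that need presetting. After `preset`, the cached=1 column confirms the agent actually holds each entry, which is the check to run before concluding that caching is broken.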