caching of passphrase is not working in Windows, gpg agent version 2.2.23
Werner Koch
wk at gnupg.org
Tue Nov 24 08:53:55 CET 2020
On Mon, 23 Nov 2020 09:18, surender singh pawar said:

> 4. from powershell started agent
>
> "$gpgPath\bin\gpg-connect-agent.exe" reloadagent /bye

Why do you do this? The import operation already started the agent. In
any case to explicitly start the agent please use

  gpgconf --launch gpg-agent

> "$gpgPath\bin\gpg-preset-passphrase.exe" -v -c -P "$pgpPassphrase"

You need to add the keygrip to the invocation; from the man page:

  gpg-preset-passphrase [options] [command] cacheid

  cacheid is either a 40 character keygrip of hexadecimal
  characters identifying the key for which the passphrase should be
  set or cleared. The keygrip is listed along with the key when
  running the command: gpgsm --with-keygrip --list-secret-keys.
  Alternatively an arbitrary string may be used to identify a
  passphrase; it is suggested that such a string is prefixed with
  the name of the application (e.g foo:12346). Scripts should
  always use the option --with-colons, which provides the keygrip
  in a "grp" line (cf. ‘doc/DETAILS’).

Thus something like

  gpg-preset-passphrase -vcP "$pgpPassphrase" 00112233445566778898aabvccddeeff

You should also review your architecture and the attack tree: Why use a
passphrase at all (with its KDF induced delays) if you put it into a
script? Better remove the passphrase from the key.

Salam-Shalom,

   Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
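
The keygrip lookup described in the reply above, as an added PowerShell example that is not part of the original message: it reads the "grp" records from --with-colons output and passes each keygrip to gpg-preset-passphrase. The function names, the use of gpg.exe from the same bin directory, and the sample listing are assumptions made for this example.

```powershell
# Added example, not from the thread. Returns one object per secret key or
# subkey, with the keygrip taken from the "grp" record that follows it.
function Get-GpgKeygrip {
    param([string[]]$ColonLines)
    $key = $null
    foreach ($line in $ColonLines) {
        $f = $line -split ':'
        if ($f[0] -in 'sec', 'ssb') {
            # A primary key or subkey starts; hold it until its grp line arrives.
            $key = [pscustomobject]@{ Record = $f[0]; KeyId = $f[4]; Keygrip = $null }
        }
        elseif ($f[0] -eq 'grp' -and $key) {
            # Field 10 of a grp record is the keygrip: 40 hexadecimal characters.
            if ($f[9] -notmatch '^[0-9A-Fa-f]{40}$') {
                throw "Malformed keygrip for key $($key.KeyId)"
            }
            $key.Keygrip = $f[9].ToUpper()
            $key          # emit the completed record
            $key = $null
        }
    }
}

# Presets the passphrase for every secret key and subkey, using the invocation
# from the reply. Parameters stand in for the poster's $gpgPath and $pgpPassphrase.
function Set-GpgPresetPassphrase {
    param([string]$GpgPath, [string]$Passphrase)
    $listing = & "$GpgPath\bin\gpg.exe" --batch --with-colons --with-keygrip --list-secret-keys
    if ($LASTEXITCODE -ne 0) { throw "gpg --list-secret-keys failed ($LASTEXITCODE)" }
    foreach ($k in Get-GpgKeygrip $listing) {
        & "$GpgPath\bin\gpg-preset-passphrase.exe" -v -c -P $Passphrase $k.Keygrip
        if ($LASTEXITCODE -ne 0) { throw "preset failed for keygrip $($k.Keygrip)" }
    }
}

# Constructed sample listing: key IDs, fingerprints and keygrips are made up.
$sample = @(
    'sec:u:3072:1:1111222233334444:1606000000:::u:::scESC:::+:::23::0:',
    'fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:',
    'grp:::::::::0123456789ABCDEF0123456789ABCDEF01234567:',
    'uid:u::::1606000000::::Example <ex@example.org>::::::::::0:',
    'ssb:u:3072:1:5555666677778888:1606000000::::::e:::+:::23:',
    'fpr:::::::::9999AAAABBBBCCCCDDDDEEEE5555666677778888:',
    'grp:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:'
)
Get-GpgKeygrip $sample | Format-Table Record, KeyId, Keygrip
```

The primary key and each subkey have their own keygrip, which is why the loop presets every one of them. gpg-agent accepts preset passphrases only when allow-preset-passphrase is set in gpg-agent.conf.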