caching of passphrase is not working in windows, gpg agent version 2.2.23

surender singh pawar surendersinghpawar at gmail.com
Tue Nov 24 09:30:18 CET 2020


Thanks for the quick reply. I did the following command only to put the
passphrase in the cache (I missed the id while writing the mail); I got
the id from gpg --list-secret-keys:

  gpg-preset-passphrase -vcP "$pgpPassphrase" 00112233445566778898aabvccddeeff

How can I confirm if a passphrase is set in the cache? Is there any debug
log which I can see to confirm it?

Can you share, if possible, any steps on how to build the Windows gpg-agent
from source code? Most docs are for Linux.

Details for the question are here as well:
gnupg - windows :GPG is prompting for passphrase even though passphrase
cache is set in gpg-agent - Super User
<https://superuser.com/questions/1604539/windows-gpg-is-prompting-for-passphrase-even-though-passphrase-cache-is-set-in>


Thanks
surender

On Mon, Nov 23, 2020 at 11:55 PM Werner Koch <wk at gnupg.org> wrote:

> On Mon, 23 Nov 2020 09:18, surender singh pawar said:
>
> > 4.      from powershell started agent
> >
> > "$gpgPath\bin\gpg-connect-agent.exe" reloadagent /bye
>
> Why do you do this?  The import operation already started the agent.  In
> any case to explicitly start the agent please use
>
>   gpgconf --launch gpg-agent
>
> > "$gpgPath\bin\gpg-preset-passphrase.exe" -v -c -P "$pgpPassphrase"
>
> You need to add the keygrip to the invocation; from the man page:
>
>   gpg-preset-passphrase [options] [command] cacheid
>
>        cacheid is either a 40 character keygrip of hexadecimal
>        characters identifying the key for which the passphrase should be
>        set or cleared.  The keygrip is listed along with the key when
>        running the command: gpgsm --with-keygrip --list-secret-keys.
>        Alternatively an arbitrary string may be used to identify a
>        passphrase; it is suggested that such a string is prefixed with
>        the name of the application (e.g foo:12346).  Scripts should
>        always use the option --with-colons, which provides the keygrip
>        in a "grp" line (cf. ‘doc/DETAILS’).
>
> Thus something like
>
>   gpg-preset-passphrase -vcP "$pgpPassphrase" 00112233445566778898aabvccddeeff
>
> You should also review your architecture and the attack tree: Why use a
> passphrase at all (with its KDF induced delays) if you put it into a
> script.  Better remove the passphrase from the key.
>
>
> Salam-Shalom,
>
>    Werner
>
> --
> Thoughts are free.  Exceptions are regulated by a federal law.
>
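
Added example (not part of the original mails and not GnuPG project code): the man page excerpt quoted above tells scripts to take the keygrip from the "grp" line of --with-colons output. The Python below parses such output and checks that a cacheid has the 40-hex-character keygrip form; the sample listing, key IDs, keygrips and function names are constructed for illustration.

```python
import re

# Constructed sample of
#   gpg --with-colons --with-keygrip --list-secret-keys
# All key IDs, fingerprints and keygrips below are made up.
SAMPLE = """\
sec:u:3072:1:AAAAAAAAAAAAAAAA:1600000000:::u:::scESC:::+:::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFAAAAAAAA:
grp:::::::::1111111111111111111111111111111111111111:
uid:u::::1600000000::HASH::Example User <user@example.org>::::::::::0:
ssb:u:3072:1:BBBBBBBBBBBBBBBB:1600000000::::::e:::+:::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210BBBBBBBB:
grp:::::::::2222222222222222222222222222222222222222:
"""

KEYGRIP_RE = re.compile(r"[0-9A-Fa-f]{40}")


def is_keygrip(cacheid):
    """True if cacheid has the form of a keygrip: exactly 40 hex characters."""
    return KEYGRIP_RE.fullmatch(cacheid) is not None


def keygrips(colon_output):
    """Return (record_type, key_id, keygrip) for every sec/ssb record.

    In --with-colons output the key ID is field 5 of a sec/ssb record and
    the keygrip is field 10 of the "grp" record that follows it. Primary
    key and subkeys each have their own keygrip, so the passphrase has to
    be preset for the keygrip of the key that is actually used.
    """
    found = []
    current = None
    for line in colon_output.splitlines():
        fields = line.split(":")
        if fields[0] in ("sec", "ssb"):
            current = (fields[0], fields[4])
        elif fields[0] == "grp" and current and len(fields) > 9:
            if is_keygrip(fields[9]):
                found.append((current[0], current[1], fields[9]))
            current = None
    return found


if __name__ == "__main__":
    for rec_type, key_id, grip in keygrips(SAMPLE):
        print(rec_type, key_id, grip)
```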