5

I installed gpg via homebrew.

I have a ~/gpg-agent.conf file as follows:

allow-preset-passphrase
default-cache-ttl 1209600
max-cache-ttl 1209600
max-cache-ttl-ssh 1209600

My .bashrc (actually: ~/.bash_it/custom/gpg-agent.bash) has

export GPG_TTY=$(tty)

[ -f ~/.gpg-agent-info ] && source ~/.gpg-agent-info
if [ -S "${GPG_AGENT_INFO%%:*}" ]; then
  export GPG_AGENT_INFO
else
  eval $( /usr/local/bin/gpg-agent --daemon --write-env-file ~/.gpg-agent-info )
fi

My assumption was this would make it so that I'm only asked for my passphrase once every 2 weeks, but I'm still asked for it every 5 minutes. gpg-agent --gpgconf-list shows the actual values being used?

$ gpg-agent --gpgconf-list
gpgconf-gpg-agent.conf:16:"/Users/notbrain/.gnupg/gpg-agent.conf
verbose:8:
quiet:8:
debug-level:24:"none:
log-file:8:
default-cache-ttl:24:600:
default-cache-ttl-ssh:24:1800:
max-cache-ttl:24:7200:
max-cache-ttl-ssh:24:7200:
enforce-passphrase-constraints:8:
min-passphrase-len:24:8:
min-passphrase-nonalpha:24:1:
check-passphrase-pattern:24:
max-passphrase-days:24:0:
enable-passphrase-history:8:
no-grab:8:
ignore-cache-for-signing:8:
no-allow-mark-trusted:8:
no-allow-external-cache:8:
disable-scdaemon:8:
enable-ssh-support:0:

Why is my gpg-agent.conf file not being obeyed? What am I missing? Installed via homebrew:

$ ll $(which gpg)
8 lrwxr-xr-x  1 notbrain  admin    33B Mar  1 15:15 /usr/local/bin/gpg -> ../Cellar/gnupg2/2.0.30_3/bin/gpg
notbrain
  • 628

3 Answers

1

You've put the gpg-agent.conf file in your home directory at ~/.gpg-agent.conf. But the default location for that file is in a subdirectory: ~/.gpg/gpg-agent.conf.

In the gpg-agent configuration documentation they say the gpg-agent.conf file should be in the "current home directory". But, confusingly, they don't mean the user's home directory; they mean gpg-agent's home directory: ~/.gpg.

So you can move your config file to ~/.gpg/gpg-agent.conf and it should be found. Alternatively, you can give gpg-agent a new home directory using the --homedir [dir] flag on startup.

Flavin
  • 111
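A way to check which config file the agent actually reads, using the `gpgconf-gpg-agent.conf` line from the listing in the question. This is an added example, not part of the original posts; the function names are hypothetical and the home directory `/Users/notbrain` is assumed from the path in that listing.

```shell
#!/bin/sh
# Added example: is a given gpg-agent.conf the file the agent reads?

# Lines copied from the question's `gpg-agent --gpgconf-list` output.
# The third field of each option line is the built-in default, not the value
# currently in effect, so 600/7200 show up whatever the config file says.
sample_listing() {
  cat <<'EOF'
gpgconf-gpg-agent.conf:16:"/Users/notbrain/.gnupg/gpg-agent.conf
default-cache-ttl:24:600:
max-cache-ttl:24:7200:
EOF
}

# agent_conf_path: read a --gpgconf-list listing on stdin and print the config
# file path from its gpgconf-gpg-agent.conf line (leading quote stripped).
agent_conf_path() {
  awk -F: '$1 == "gpgconf-gpg-agent.conf" {
    sub(/^[^:]*:[^:]*:"?/, ""); print; exit }'
}

# conf_value FILE OPTION: print the last value FILE sets for OPTION
# (comment lines never match because their first word starts with '#').
conf_value() {
  awk -v opt="$2" '$1 == opt { v = $2 } END { if (v != "") print v }' "$1"
}

# check_conf CANDIDATE: compare CANDIDATE with the path the agent reports.
# Reads the listing on stdin; prints "read" or "ignored: agent reads PATH".
check_conf() {
  expected=$(agent_conf_path)
  if [ "$1" = "$expected" ]; then
    echo "read"
  else
    echo "ignored: agent reads $expected"
  fi
}

# Demo on the question's setup. On a live system, replace sample_listing
# with: gpg-agent --gpgconf-list
sample_listing | check_conf "/Users/notbrain/gpg-agent.conf"
sample_listing | check_conf "/Users/notbrain/.gnupg/gpg-agent.conf"
tmp=$(mktemp) && printf 'default-cache-ttl 1209600\n' > "$tmp"
conf_value "$tmp" default-cache-ttl; rm -f "$tmp"
```

A file that reports "ignored" is never parsed, so its TTL settings have no effect no matter what `conf_value` finds in it.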
0

Turns out this was just an issue with a simple logout/login and/or relaunch of iterm2 not working. It started to work once I rebooted.

notbrain
  • 628
0

Using macOS Monterey, I was facing the same issue. I found after an hour that the passphrase was being cached by the macOS keychain; to disable this, go to System Preferences > GPG Suite and uncheck the "Store in macOS Keychain" option. The saved passphrases are still tried once, so it would be great to delete them as well (delete button to the right of the above option). Caching time can also be configured in GPG Suite using the "Remember for _" option.