"Remember for n idle minutes" often stores key in memory for arbitrary...
OpenPGP addon for Mozilla Thunderbird
Brought to you by:
pbrunschwig
The "remember for n idle minutes" option on the GPG key password is completely broken on OS X, both on Intel and PowerPC (with Tenfourbird). Sometimes it functions as expected; many times, however, a few messages can be sent later with the password/key still clearly cached, hours or even days after the "n minutes" expired, before the password/key will be flushed.
This can also happen through sleep/wake cycles on a laptop.
If never checking the "remember for n idle minutes" box is used as a workaround, the user may be prompted more than once to enter the key password.
This is still present in 1.7.2.
Fixed on trunk. Will be available in tomorrow's nightly version.
THANK YOU! :)
Fedora 20, MATE desktop 1.8.1, Thunderbird 31.2,
Enigmail nightly build 1.8a1pre (20141110-0013)
I can't get Enigmail to forget the passwords. Changing the timeout value results in a message stating Enigmail cannot connect to gpg-agent.
I've enabled GNOME keyring: gpg agent -> no help
I've enabled MATE keyring: gpg agent (while GNOME gpg agent was disabled) -> no help
Previously both were disabled and Enigmail forgot the password as expected.
Entering gpg-agent in a terminal results in:
gpg-agent: gpg-agent running and available
ps -aef | grep gpg-agent shows no processes.
Any hints on what to try next?
what is the output of entering
on the command line? Does it come up with a "> " prompt? (If yes, you can leave with "exit").
Yes, a prompt came up.
(btw, exit is not a valid command; Ctrl-D did the trick :) )
Just to be sure it's not my own modifications causing the issue, I installed Fedora 20 with Mate desktop to a virtual machine.
Proceeded to install Thunderbird and Enigmail (nightly build 18-11-2014). Got the same message about not being able to connect to gpg-agent.
Solution to my problem found at
https://confluence.clazzes.org/display/KH/Preventing+Gnome-Keyring+from+caching+GPG+keys+forever
Basically:
gsettings set org.gnome.crypto.cache gpg-cache-method idle
gsettings set org.gnome.crypto.cache gpg-cache-ttl 120
Perhaps a link to the above URI could be provided as a possible solution in the message box for cases where gpg-agent is not found.
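A way to confirm that the two gsettings values from the comment above are actually in effect, as an added example that is not part of this thread or of Enigmail. The function names and verdict strings are hypothetical, the sample values are constructed, and the limit of 120 is taken from the command quoted above.

```shell
#!/bin/sh
# Added example: verify that gnome-keyring's GPG passphrase cache matches the
# idle-timeout settings quoted in this thread. Function names are hypothetical.

# gsettings prints strings as 'idle' and unsigned integers as "uint32 120";
# reduce both to the bare value.
strip_gvariant() {
    printf '%s\n' "$1" |
        sed -e "s/^'\(.*\)'\$/\1/" -e 's/^[a-z0-9]* \([0-9][0-9]*\)$/\1/'
}

# classify_cache METHOD TTL MAX_TTL
# Prints ok | method-differs | ttl-invalid | ttl-too-long; non-zero unless ok.
classify_cache() {
    method=$(strip_gvariant "$1")
    ttl=$(strip_gvariant "$2")
    if [ "$method" != "idle" ]; then echo method-differs; return 1; fi
    case $ttl in
        ''|*[!0-9]*) echo ttl-invalid; return 1 ;;
    esac
    if [ "$ttl" -gt "$3" ]; then echo ttl-too-long; return 1; fi
    echo ok
}

# Read the live settings; MAX_TTL defaults to the value 120 used above.
audit_live() {
    if ! command -v gsettings >/dev/null 2>&1; then echo no-gsettings; return 2; fi
    m=$(gsettings get org.gnome.crypto.cache gpg-cache-method 2>/dev/null) ||
        { echo schema-missing; return 2; }
    t=$(gsettings get org.gnome.crypto.cache gpg-cache-ttl 2>/dev/null) ||
        { echo schema-missing; return 2; }
    classify_cache "$m" "$t" "${1:-120}"
}

# Constructed sample values, shaped like `gsettings get` output.
for sample in "'idle'|120" "'idle'|uint32 86400" "'session'|300"; do
    verdict=$(classify_cache "${sample%%|*}" "${sample#*|}" 120) || true
    echo "$sample -> $verdict"
done

# Pass --live to check the current desktop session instead.
if [ "${1:-}" = "--live" ]; then audit_live 120 || exit $?; fi
```

Run with `--live` at login or from a configuration-management check, so a reset or never-applied setting is noticed before passphrases stay cached longer than intended.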
Reopened due to this forum thread and individual report.
This was true for as long as Enigmail kept passphrases in memory. Since we only support gpg 2.0.x and newer, passphrase handling is no longer a task for Enigmail at all.