This is extremely annoying and I am tempted to deinstall Enigmail because of this.
Symptom: I need to enter the passphrase each time the key is used. For each email, attachment, decryption etc.
pgp-agent.conf:
pinentry-program /usr/local/bin/pinentry-mac
default-cache-ttl 300
max-cache-ttl 999999
I have set the cache to 5 minutes in Enigmail, too.
pgp-agent.conf is not a filename i recognize. do you mean gpg-agent.conf?
can you try from the command line without relying on enigmail? from Terminal, try ($FPR is your key's fingerprint or some other strong identifier):
echo test | gpg --encrypt -r "$FPR" | gpg --decrypt
This should trigger the agent to ask for your passphrase, and then a second time it should be cached.
also, what output do you see from:
gpg-connect-agent "getinfo version" /bye
gpg-connect-agent "getinfo pid" /bye
?
Thanks a lot for looking into this!
[wolff@MacBook-Pro:~]echo test | gpg2 --encrypt -r 16FB185B | gpg2 --decrypt
You need a passphrase to unlock the secret key for
user: "Eberhard Wolff eberhard.wolff@gmail.com"
4096-bit RSA key, ID C9F6AAA8, created 2014-11-17 (main key ID 16FB185B)
gpg: encrypted with 4096-bit RSA key, ID C9F6AAA8, created 2014-11-17
"Eberhard Wolff eberhard.wolff@gmail.com"
test
[wolff@MacBook-Pro:~]gpg-connect-agent "getinfo version" /bye
gpg-connect-agent: can't connect to the agent: IPC connect call failed
[wolff@MacBook-Pro:~]gpg-connect-agent "getinfo pid" /bye
gpg-connect-agent: can't connect to the agent: IPC connect call failed
[wolff@MacBook-Pro:~]
For the I need to enter my passphrase. A dialog pops up for that. But I only need to enter it once...
I'm not sure i understand "For the I need to enter my passphrase" -- but the latter two calls suggest that gpg-agent isn't running in your mac's session. perhaps this is something you need to address with whoever is providing your gnupg installation (gpg-tools?)
if you run the "echo test" pipeline a second time, do you have to enter your passphrase each time you run it?
enigmail these days relies on gpg-agent to do passphrase caching, so if gpg-agent isn't running, then no passphrase will be cached.
I enter the passphrase using pinentry-mac. I have installed gnupg2, gpg-agent, pinentry, pinentry-mac via Homebrew on Mac OS X. I need to enter the passphrase again the second time I run it. I tried to reinstall gpg-agent and added use-standard-socket to the configuration but that didn't help either. How can I debug what gpg-agent does?
Eberhard, you can e.g. enter "debug-level advanced" into gpg-agent.conf. This may yield more output and you might see why it is shutting down.
Details may be found here:
https://gnupg.org/documentation/manuals/gnupg/Agent-Configuration.html
and here:
https://gnupg.org/documentation/manuals/gnupg/Agent-Options.html#Agent-Options
(remember to remove the double-dash before putting the options into gpg-agent.conf)
Last edit: Ludwig Hügelschäfer 2015-07-08
I think in gpg-agent 2.0.x, if no agent is running, the gpg process will start a short-lived agent just for itself. in 2.1.x, it will spawn a long-lived agent, which is more what Eberhard is expecting. so use-standard-socket on its own probably won't do the trick.
It sounds to me like what Eberhard is missing (barring an upgrade to 2.1.x) is a session-wide gpg-agent instance.
Unfortunately, i don't know enough about Mac OS X to know how to set up something like that, so i can't give particularly useful advice here.
GnuPG up to v2.0.16 would only spawn a short-lived gpg-agent. But more recent versions usually (i.e. in the default setup) spawn a long-lived gpg-agent session. However, it may be that a particular distribution, such as homebrew on Mac, could change this setting.
I'd create the script and add it to the items to execute at login time:
Problem solved. I added use-standard-socket to the config but did not reboot. After a reboot everything seems to work. Thanks for the help!!! :-)
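The checks walked through in this thread, collected into a small shell helper. This is an added example, not code from any participant or from the GnuPG or Enigmail projects; the function names (conf_value, audit_gnupg_home, agent_reachable) and the return codes are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a GnuPG home directory for the agent settings
# discussed in this thread. Function names and return codes are hypothetical.
# Usage after sourcing: audit_gnupg_home "$HOME/.gnupg" && agent_reachable

# Print the value of option $2 from config file $1 (first uncommented match).
conf_value() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# Check the agent config in directory $1.
# Returns: 0 ok, 1 no config, 2 config saved under the wrong name,
#          3 max-cache-ttl lower than default-cache-ttl.
audit_gnupg_home() {
    home=$1
    conf="$home/gpg-agent.conf"
    if [ ! -f "$conf" ]; then
        # The first post names the file pgp-agent.conf; by default the
        # agent reads gpg-agent.conf, so a misnamed file has no effect.
        if [ -f "$home/pgp-agent.conf" ]; then
            echo "misnamed: pgp-agent.conf found, expected gpg-agent.conf"
            return 2
        fi
        echo "missing: $conf"
        return 1
    fi
    ttl=$(conf_value "$conf" default-cache-ttl)
    max=$(conf_value "$conf" max-cache-ttl)
    echo "default-cache-ttl=${ttl:-unset} max-cache-ttl=${max:-unset}"
    # Entries expire once max-cache-ttl is reached, even if recently used,
    # so a maximum below the default shortens the effective cache time.
    if [ -n "$ttl" ] && [ -n "$max" ] && [ "$max" -lt "$ttl" ]; then
        echo "warning: max-cache-ttl is below default-cache-ttl"
        return 3
    fi
    return 0
}

# Same probe as in the thread: non-zero means no agent answered
# (127 if gpg-connect-agent is not installed at all).
agent_reachable() {
    command -v gpg-connect-agent >/dev/null 2>&1 || return 127
    gpg-connect-agent "getinfo pid" /bye >/dev/null 2>&1
}
```
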