Currently, I'm using gpg to store my email password encrypted on disk, and have configured the programs I use to access the email server (offlineimap and msmtp) to ask gpg-agent for that password. I've set default-cache-ttl in gpg-agent.conf to a very high number, so I enter the passphrase once when I log in and then don't have to enter it again.
Now, I have mixed feelings about how much I trust traditional password managers, and I'm considering the idea of keeping a master password file also symmetrically encrypted by gpg. Since it would be *all* of my passwords, I want to be more careful with it, and don't want the passphrase for the file sitting around in RAM. But currently, since I have gpg-agent running with a high default-cache-ttl, if I encrypt a file with gpg -c, I can decrypt it again later using gpg -d without entering a password, which makes me uncomfortable.

I want to be able to use gpg without gpg-agent in this situation, but this seems not to be possible; furthermore, the official documentation discourages using more than one instance of gpg-agent.

So, is there a "good" way to get what I want: my email password stored in a way that I only have to enter a passphrase once, and my master password file stored in a way that I have to enter the passphrase every time I want to look at the file?

Thanks,
-- J.M.