Walia, Gaurav (333G) via Gnupg-users wrote:
> Ok. Did some googling and came up with the following. Could someone confirm
> that I’m doing this correctly?
>
> Objective: To save passphrase in cache to an unattended machine so that it
> doesn’t time out the credentials. Specifically, using
> https://github.com/docker/docker-credential-helpers, with setup
> https://github.com/docker/docker-credential-helpers/issues/102#issuecomment-388634452.
>
> Steps:
> use gpg-preset-passphrase
>
> Current Setup
>
>   * ~/.gnupg/gpg-agent.conf
>       * pinentry-program /usr/bin/pinentry-curses
>       * max-cache-ttl 60480000
>       * default-cache-ttl 60480000
>       * allow-preset-passphrase
>
>   * gpg --version
>       * gpg (GnuPG) 2.0.22
>       * libgcrypt 1.5.3
>       * Copyright (C) 2013 Free Software Foundation, Inc.
>       * License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
>       * This is free software: you are free to change and redistribute it.
>       * There is NO WARRANTY, to the extent permitted by law.
>       *
>       * Home: ~/.gnupg
>       * Supported algorithms:
>       * Pubkey: RSA, ?, ?, ELG, DSA
>       * Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
>       * CAMELLIA128, CAMELLIA192, CAMELLIA256
>       * Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
>       * Compression: Uncompressed, ZIP, ZLIB, BZIP2
>   * gpg2 --fingerprint --fingerprint n...@domain.com
>       * pub 2048R/12312312 2019-03-23
>       * Key fingerprint = 4567 4567 4567 4567 4567 4567 4567 4567 4567 4567
>       * uid Name <n...@domain.com>
>       * sub 2048R/11121314 2019-03-23
>       * Key fingerprint = 8910 8910 8910 8910 8910 8910 8910 8910 8910 8910
>
> Updated Setup using gpg-preset-passphrase only
>
>   * ~/.gnupg/gpg-agent.conf
>       * We should be able to remove the first 3 line items since we are only
>         using gpg-preset-passphrase
>       * Final file contents
>           * allow-preset-passphrase
>   * Reload gpg-agent.conf file
>       * gpg-connect-agent reloadagent /bye
>   * Setup gpg-preset-passphrase
>       * gpg-preset-passphrase --preset 8910891089108910891089108910891089108910
>   * Now when you log in to that key and enter the passphrase it should cache
>     it until you issue the following command to remove it.
>       * gpg-preset-passphrase --forget 8910891089108910891089108910891089108910
>
> Question:
>
> 1. Is the updated setup correct in my assumption for the setup?
>
> Thank you in advance for taking the time to help, it is greatly appreciated.
>
> Gaurav

hi,

the best thing to do is test it. :-)
but it looks promising.

however, be warned that 2.0.22 is old and things have changed a lot
since then. especially on systems with systemd, and especially when
the subsequent uses of gpg are from a different systemd user session
to the one that preset the passphrase.

when i used 2.0.x, i ran gpg-agent in --daemon mode with the
--write-env-file option so that the subsequent uses of gpg knew
where to find gpg-agent (since they weren't child processes with
access to the environment variables). that option disappears in
later versions.

also, in later versions you'll need to change:

  gpg2 --fingerprint --fingerprint n...@domain.com

to:

  gpg2 --fingerprint --with-keygrip n...@domain.com

cheers,
raf
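
Added example, not part of the thread and not GnuPG's own code: for the later versions mentioned in the reply, a script that pairs each secret key and subkey with its keygrip by reading `gpg --with-colons --with-keygrip --list-secret-keys` output, then prints the matching `gpg-preset-passphrase` line. The function names are hypothetical and the sample records (key IDs, fingerprints, keygrips) are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample of colon-format output; every value is a placeholder.
sample_colons() {
cat <<'EOF'
sec:u:2048:1:AAAAAAAAAAAAAAAA:1553299200:::u:::scESC:::+:::23::0:
fpr:::::::::4567456745674567456745674567456745674567:
grp:::::::::1111111111111111111111111111111111111111:
uid:u::::1553299200::0000000000000000000000000000000000000000::Name <name@example.invalid>::::::::::0:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1553299200::::::e:::+:::23:
fpr:::::::::8910891089108910891089108910891089108910:
grp:::::::::2222222222222222222222222222222222222222:
grp:::::::::not-a-keygrip:
EOF
}

# list_keygrips (hypothetical helper): read colon records on stdin and print
# "TYPE KEYID CAPS KEYGRIP" for each sec/ssb record that has a keygrip.
list_keygrips() {
  awk -F: '
    # Field 5 is the key ID, field 12 the capability letters.
    $1 == "sec" || $1 == "ssb" {
      type = $1; keyid = $5; caps = ($12 == "" ? "-" : $12); next
    }
    # Field 10 of a grp record is the keygrip of the key record before it.
    $1 == "grp" && type != "" {
      if (length($10) == 40 && $10 ~ /^[0-9A-Fa-f]+$/)
        print type, keyid, caps, $10
      type = ""   # a stray or malformed grp record is ignored
    }'
}

# preset_commands (hypothetical helper): print one command per key.
# gpg-preset-passphrase reads the passphrase from stdin, so nothing secret
# has to appear on the command line.
preset_commands() {
  list_keygrips | while read -r type keyid caps grip; do
    printf 'gpg-preset-passphrase --preset %s   # %s %s [%s]\n' \
      "$grip" "$type" "$keyid" "$caps"
  done
}

# Stand-alone run on the constructed sample; on a real machine, pipe
#   gpg --with-colons --with-keygrip --list-secret-keys
# into preset_commands instead.
sample_colons | preset_commands
```

The capability letters in brackets show which subkey does decryption (`e`), which is the one a credential helper needs unlocked.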