Ubuntu: How can I get GPG Agent to cache my password?



Question:

I'm a developer, and I commonly sign my Git commits with my GPG key. I've been able to get GPG Agent working properly on OSX so that it only asks me for my password once per day, but I'm having problems getting the same thing working on Ubuntu 16.04.

Here's what I'm doing:

  • I've got my GPG keys set up / etc.
  • I'm in a Git directory.
  • I add some files to Git.
  • I then go to commit them (git commit), and get a GPG password request that looks like this:

    $ git ci

    You need a passphrase to unlock the secret key for
    user: "Randall Degges <r@rdegges.com>"
    4096-bit RSA key, ID 8F700DA2, created 2016-04-05

    [master 1740961] blah
     1 file changed, 1 insertion(+)

The problem is: every single time I do a commit, I'm re-prompted for my GPG password again.

What I'd like to do is configure GPG Agent to cache my password for 1 full day, so it only needs to be entered once.

I've read through tons of documentation and blog posts, and here's what I've tried so far...

First, I modified my ~/.zshrc file (I use zsh) to set the following:

    # GPG Agent
    export GPG_TTY=$(tty)
    export GPGKEY=8F700DA2

Now, from what I read, this alone should do the trick after restarting gpg-agent, but it does not.

So, the next thing I did was I defined a ~/.gnupg/gpg-agent.conf file as explained in the man gpg-agent page:

    # Set the default cache time to 1 day.
    default-cache-ttl       86400
    default-cache-ttl-ssh   86400

    # Set the max cache time to 30 days.
    max-cache-ttl           2592000
    max-cache-ttl-ssh       2592000

This also has no effect.

I've also tried various blog methods, etc., but nothing seems to work. Can someone give me some pointers to things I might be missing?


Solution:1

In addition to setting up the cache times in gpg-agent.conf, you also have to make sure GnuPG is actually interfacing with the gpg-agent. GnuPG 2 and upwards generally does; the GnuPG 1 branch does not. By default git is using the gpg binary, which (at the time of writing this answer) still is GnuPG 1, while GnuPG 2 is installed as gpg2 on most systems.

In the end, you have two possibilities:

  • set up git to use gpg2 by changing the git configuration:

    `git config --global gpg.program gpg2`  
  • set up gpg/GnuPG 1 to use gpg-agent by adding use-agent to gpg.conf


Solution:2

In addition to the above answer, you can also just change the default gpg in your system to gpg2 rather than gpg1.

If git config --global gpg.program gpg2 works for you, but you don't want to leave that in your git config (in my case because I use the same config on macOS) then you can just swap the default gpg out.

I followed the guide here, which was just:

    $ sudo mv /usr/bin/gpg /usr/bin/gpg1
    $ sudo update-alternatives --verbose --install /usr/bin/gpg gnupg /usr/bin/gpg2 50

This makes gpg1 the old gpg binary, and symlinks /usr/bin/gpg -> /usr/bin/gpg2 (with name gnupg and priority 50).

Changing the default gpg could in theory break some packages on your system, but Debian Stretch (the current stable version of Debian) sets gpg2 as the default gpg in a similar way, so you shouldn't have too many problems.
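
Added example (not from the question or either answer): shell functions that check the two conditions discussed above, namely whether the gpg binary will talk to gpg-agent at all (GnuPG 2, or GnuPG 1 with use-agent in gpg.conf) and whether default-cache-ttl fits under max-cache-ttl. The function names, sample files and version banner are constructed for illustration; the 600 s and 7200 s fallbacks are gpg-agent's documented defaults.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, sample inputs are constructed.

# Major version from the first line of `gpg --version` ("gpg (GnuPG) 1.4.20" -> 1).
gpg_major() {
    printf '%s\n' "$1" | sed -n '1s/^gpg (GnuPG) \([0-9][0-9]*\)\..*/\1/p'
}

# Succeeds if gpg.conf ($1) has an uncommented "use-agent" line.
has_use_agent() {
    [ -f "$1" ] && grep -Eq '^[[:space:]]*use-agent[[:space:]]*$' "$1"
}

# Value of option $2 in gpg-agent.conf ($1), first uncommented match, else default $3.
agent_opt() {
    v=
    [ -f "$1" ] && v=$(awk -v k="$2" '$1 == k { print $2; exit }' "$1")
    printf '%s\n' "${v:-$3}"
}

# Verdict for: version line ($1), gpg.conf path ($2), gpg-agent.conf path ($3).
check_caching() {
    if [ "$(gpg_major "$1")" = 1 ] && ! has_use_agent "$2"; then
        echo "no-agent: GnuPG 1 without use-agent, gpg-agent.conf TTLs have no effect"
        return 1
    fi
    ttl=$(agent_opt "$3" default-cache-ttl 600)   # gpg-agent default: 600 s
    max=$(agent_opt "$3" max-cache-ttl 7200)      # gpg-agent default: 7200 s
    if [ "$ttl" -gt "$max" ]; then
        echo "capped: default-cache-ttl=$ttl exceeds max-cache-ttl=$max"
        return 2
    fi
    echo "ok: cached ${ttl}s after each use, at most ${max}s in total"
}

# Constructed demo: the question's TTL settings, an empty gpg.conf, a GnuPG 1 banner.
demo() {
    d=$(mktemp -d)
    : > "$d/gpg.conf"
    printf '%s\n' '# Set the default cache time to 1 day.' \
        'default-cache-ttl 86400' 'max-cache-ttl 2592000' > "$d/gpg-agent.conf"
    check_caching 'gpg (GnuPG) 1.4.20' "$d/gpg.conf" "$d/gpg-agent.conf" || true
    echo 'use-agent' >> "$d/gpg.conf"
    check_caching 'gpg (GnuPG) 1.4.20' "$d/gpg.conf" "$d/gpg-agent.conf"
    rm -rf "$d"
}
demo
```

On a real machine, pass the first line of `$(git config gpg.program || echo gpg) --version` together with ~/.gnupg/gpg.conf and ~/.gnupg/gpg-agent.conf.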

