ToddAndMargo via users wrote:
> Hi All,
> I encrypted a file with gpg --symmetric foobar.txt
> It created foobar.txt.gpg file as expected and I DID NOT tell it to store the passphrase.
> $ cat foobar.txt.gpg clearly showed a binary file.
> When I ran $ less foobar.txt.gpg
> it showed me the recovered file without encryption and DID NOT ask me for a passphrase.
> When I renamed the foobar.txt.gpg to foobar.txt and ran "less" on it, now I get a binary file. Renaming it back to gpg and now it gets decrypted again.
> HOW DID LESS figure out my key and decrypt my file?
The LESSOPEN env variable points to the lesspipe.sh script, which is able to do things like running gpg -d for files matching .gpg files and sending the output to less. It does the same for tar files, so that less some.tar produces a list of the files in some.tar. And so on for many other file types.
> Are there gpg keys stored somewhere? How do I whack (erase) them?
The gpg-agent caches passphrases, I believe the default TTL is 2 hours. You can force that cache to be cleared if that's the cause. I think that's:
gpg-connect-agent reloadagent /bye
but I haven't looked at the docs lately to confirm that.
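
The extension-based dispatch described in the reply above, as an added example that is not part of the original thread and is not the real lesspipe.sh. The function names demo_lesspipe and view_kind and the sample files are constructed for illustration; the demo uses tar only, so it needs no key material.

```shell
#!/bin/sh
# Constructed stand-in for a LESSOPEN input preprocessor; the real
# lesspipe.sh handles many more file types.

# less runs the LESSOPEN command with the file name as its argument.
# If the command writes to stdout, less displays that output instead of
# the file's raw bytes. The choice is made on the file NAME only.
demo_lesspipe() {
    case "$1" in
        *.gpg) gpg -d "$1" 2>/dev/null ;;   # no prompt if gpg-agent has the passphrase cached
        *.tar) tar -tf "$1" 2>/dev/null ;;  # member listing, not the archive bytes
        *)     return 1 ;;                  # no output: less shows the raw file
    esac
}

# Report which view less would end up with for a given file name.
view_kind() {
    if [ -n "$(demo_lesspipe "$1")" ]; then
        echo preprocessed
    else
        echo raw
    fi
}

# Demonstration on constructed sample files.
demo() {
    dir=$(mktemp -d) || return 1
    echo 'sample text' > "$dir/foobar.txt"
    tar -cf "$dir/some.tar" -C "$dir" foobar.txt
    cp "$dir/some.tar" "$dir/some.bin"      # same bytes, different name
    echo "some.tar -> $(view_kind "$dir/some.tar")"
    echo "some.bin -> $(view_kind "$dir/some.bin")"
    rm -rf "$dir"
}

demo

# To see what is configured on a system:   echo "$LESSOPEN"
# To view the raw bytes for one call:      less -L foobar.txt.gpg
```

The same bytes come back "preprocessed" or "raw" depending only on the name, which matches the rename behaviour in the question; less -L (--no-lessopen) makes less ignore LESSOPEN.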