Does the gpg-agent keep the keys unlocked for the session?

Ed Greshko ed.greshko at greshko.com
Wed Jul 16 03:27:43 UTC 2014


On 07/16/14 00:43, Sudhir Khanger wrote:
> Hello,
>
> I was wondering if gpg-agent on your system keeps the keys unlocked
> for the session.
>
> My experience is that it doesn't. According to the documentation, the
> passphrase cache would be removed in 2 hours [1].
>
> I am using gpg encrypted KWallet and according to KWallet's upstream
> developer the passphrase remains cached on his system for the session.
> Please see the bug report for more information [2].
>
> My only guess is that his distribution might be making a choice on his behalf.
>
> How does your Fedora box behave? Are you asked to re-enter the gpg
> passphrase after some time? Or does it tend to keep the cache for the
> session?

I wonder if you're not talking about 2 different things.....

First, when it comes to gpg-agent, I believe the cache time for the passphrase is determined by --default-cache-ttl which defaults to 600 seconds.  This can be changed on a per-user basis in the ~/.gnupg/gpg-agent.conf file.

Then, when it comes to kwallet, it can be configured to "Close Wallet" based on 3 criteria.  I have mine simply set to "Close when last application stops using it" and I never get prompted again during a login session.

-- 
If you can't laugh at yourself, others will gladly oblige.
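
The per-user cache settings discussed in this thread can be read back from a gpg-agent.conf with a short script; this is an added example, not part of the original messages. It assumes GnuPG's documented defaults (`default-cache-ttl` 600 seconds, `max-cache-ttl` 7200 seconds, i.e. 2 hours); the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the passphrase-cache lifetimes a gpg-agent.conf yields.

# agent_ttl FILE OPTION FALLBACK
# Print OPTION's numeric value from FILE, or FALLBACK if the file or option is absent.
# Assumption: when an option is repeated, the last occurrence is the one used.
agent_ttl() {
    if [ ! -r "$1" ]; then
        echo "$3"
        return 0
    fi
    val=$(awk -v opt="$2" '
        $1 ~ /^#/ { next }                       # skip comment lines
        $1 == opt && $2 ~ /^[0-9]+$/ { v = $2 }  # remember the latest setting
        END { if (v != "") print v }' "$1")
    echo "${val:-$3}"
}

# cache_summary FILE
# Print "idle=<s> max=<s>".
#   idle: default-cache-ttl, restarted every time the cached passphrase is used
#   max:  max-cache-ttl, a hard limit that applies even if the key is used constantly
cache_summary() {
    idle=$(agent_ttl "$1" default-cache-ttl 600)
    max=$(agent_ttl "$1" max-cache-ttl 7200)
    # An idle timeout longer than the hard limit is capped by the hard limit.
    if [ "$idle" -gt "$max" ]; then
        idle=$max
    fi
    echo "idle=${idle} max=${max}"
}

# Constructed sample config: keep the passphrase for a working day
# provided the key is used at least once an hour.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# ~/.gnupg/gpg-agent.conf
default-cache-ttl 3600
max-cache-ttl 28800
EOF
cache_summary "$sample"
cache_summary /nonexistent/gpg-agent.conf   # no config file: built-in defaults
rm -f "$sample"
```

After editing `~/.gnupg/gpg-agent.conf`, `gpgconf --reload gpg-agent` makes a running agent re-read it.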

