Does the gpg-agent keeps the keys unlocked for the session?
Sudhir Khanger
sudhir at sudhirkhanger.com
Wed Jul 16 04:06:04 UTC 2014
On Wed, Jul 16, 2014 at 8:57 AM, Ed Greshko <ed.greshko at greshko.com> wrote:
> First, when it comes to gpg-agent, I believe the cache time for the passphrase is determined by --default-cache-ttl which defaults to 600 seconds. This can be changed on a per-user basis in the ~/.gnupg/gpg-agent.conf file.
You are right. If we are only talking about gpg-agent keeping cache
then it will inevitably expire in maximum 2 hours. Those are the
default settings even if you don't set ~/.gnupg/gpg-agent.conf.
--default-cache-ttl n: Set the time a cache entry is valid to n
seconds. The default is 600 seconds.
--max-cache-ttl n: Set the maximum time a cache entry is valid to n
seconds. The default is 2 hours (7200 seconds).
> Then, when it comes to kwallet, it can be configured to "Close Wallet" based on 3 criteria. I have mine simply set to "Close when last application stops using it" and I never get prompted again during a login session.
In a gpg-encrypted kwallet, as along as gpg-agent can keep gpg key
unlocked, it can unlock the kwallet right away even if it locks
itself. Does that make sense.
--
Regards,
Sudhir Khanger.
sudhirkhanger.com
https://github.com/donniezazen
More information about the users
mailing list