10

I am very annoyed with the GPG encryption process in the Linux terminal. I encrypt files with GPG from the terminal with the following command:

gpg --output file_out --symmetric --cipher-algo AES256 file_in

This command has been recommended here since GPG is a reliable encryption package.

The problem is that after I enter the password and encrypt the file, the password doesn't get deleted. So anyone who has access to the PC can decrypt this file, and it only gets deleted after I restart the computer.

So if I enter the decryption command right after: gpg --output file_in --decrypt file_out

It will give this message:

gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase

And it will decrypt this automatically. So the password is stored somewhere and it doesn't get deleted until I restart the computer.

Is there any way to clear/wipe the password right after the encryption is finished?

Gabrielf1
    Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) would be a better place to ask. – jww Aug 03 '17 at 12:56

3 Answers

10

Simply reloading gpg-agent (instead of killing it) clears its passphrase cache. There are different methods to reload gpg-agent:

  • echo RELOADAGENT | gpg-connect-agent
  • gpgconf --reload gpg-agent
  • pkill -SIGHUP gpg-agent
gentooboontoo
4

The passphrase is saved by gpg-agent. GPG tools like gpg start it automatically.

Use gpgconf --kill gpg-agent to stop the agent.

paka
2

Alternatively, you can add the --no-symkey-cache option, which disables the passphrase cache used for symmetrical encryption and decryption.

gpg --no-symkey-cache --output file_out --symmetric --cipher-algo AES256 file_in

Something like that.

Malachi
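Added example, not part of any answer above: a shell wrapper that combines the approaches from the answers, using --no-symkey-cache when the installed gpg supports it and reloading gpg-agent after encryption otherwise. The 2.2.7 version threshold (taken from the GnuPG release notes) and all function names are assumptions of this example.

```sh
#!/bin/sh
# Added example: encrypt symmetrically without leaving the passphrase cached.

# version_ge A B: succeed when dotted version A is >= B, compared field by field.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }'
}

# parse_gpg_version: read `gpg --version` output on stdin, print the version
# number from its first line (e.g. "gpg (GnuPG) 2.2.27" -> "2.2.27").
parse_gpg_version() {
    awk 'NR == 1 { print $NF; exit }'
}

# cache_strategy VERSION: print which mitigation applies to that gpg version.
# Assumption: --no-symkey-cache is available from GnuPG 2.2.7 onwards.
cache_strategy() {
    if version_ge "$1" 2.2.7; then
        echo no-symkey-cache
    else
        echo reload-agent
    fi
}

# encrypt_no_cache IN OUT: same command as in the question, plus the mitigation.
encrypt_no_cache() {
    enc_in=$1
    enc_out=$2
    enc_ver=$(gpg --version | parse_gpg_version)
    if [ "$(cache_strategy "$enc_ver")" = no-symkey-cache ]; then
        gpg --no-symkey-cache --output "$enc_out" --symmetric \
            --cipher-algo AES256 "$enc_in"
    else
        gpg --output "$enc_out" --symmetric --cipher-algo AES256 "$enc_in"
        enc_status=$?
        # Reloading flushes every passphrase the agent holds, including
        # those cached for private keys, not only this file's passphrase.
        gpgconf --reload gpg-agent
        return "$enc_status"
    fi
}
```

Source the file and call `encrypt_no_cache file_in file_out`; decrypting afterwards should prompt for the passphrase again.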