
I want to disable GPG caching entirely. I.e., symmetrically encrypt a file, then have it ask for a password every time.

Specifically, I'm using GPG 2.2.14 to try to do:

`gpg -c file.txt`

I've tried adding a `~/.gnupg/gpg-agent.conf` with `default-cache-ttl` and `max-cache` both set to 1, but this doesn't seem to work. I've also tried encrypting with `--no-symkey-cache`, but again, this doesn't seem to prevent password caching. The two in combination also do not prevent caching. On the first attempt it asks for the password, then caches it and doesn't ask again.

I want the file to be encrypted and the password to be nuked and never seen again for all users, including myself and root. Anyone know how to do this?

System is Raspbian Buster 10 running on a Raspberry Pi 4.

ardunn
  • Did you restart GPG agent after making those changes, i.e. `gpgconf --kill gpg-agent`? – Kate Feb 02 '20 at 16:37
  • Oh no, thanks, I didn't do that. However, wouldn't this just change it for the current user? What if another user uses gpg (e.g., root, guest)? I would like to disable it globally if possible, i.e., no caching across the entire system. – ardunn Feb 02 '20 at 22:03
  • `man gpgconf` suggests that you can put a configuration file to `/etc/gnupg/gpgconf.conf` for a system-wide configuration – inetknght Feb 15 '20 at 21:29
  • Using `gpgconf --reload` also did the trick for me. – Amin NAIRI May 17 '21 at 09:12
  • I need this feature; it's unacceptable to expose the passphrase to other users on the system. For one of the most popular pieces of security software, having no proper way to disable passphrase caching is really ironic. – pjincz Jun 24 '21 at 12:59
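
The checks raised in the comments above, as an added example that is not part of the original thread: it reads a `gpg-agent.conf`, reports the two cache TTL options, and wraps the agent restart Kate mentions. The function names, the sample file and the target value of 0 are assumptions of this example; `max-cache-ttl` is the option name gpg-agent documents.

```shell
#!/bin/sh
# Added example, not from the thread: audit the cache TTL options in a
# gpg-agent.conf, then restart the agent so that edits take effect.

# ttl_of FILE OPTION: print the last value given for OPTION, or "unset".
# Exact match on the first field, so comments and near-miss names are ignored.
ttl_of() {
    awk -v opt="$2" '$1 == opt { v = $2 } END { print (v == "" ? "unset" : v) }' "$1"
}

# audit_agent_conf FILE: print "option=value" for both TTL options.
# Returns 0 only if both are 0 (assumption: 0 is the "never cache" target).
audit_agent_conf() {
    rc=0
    for opt in default-cache-ttl max-cache-ttl; do
        val=$(ttl_of "$1" "$opt")
        echo "$opt=$val"
        [ "$val" = "0" ] || rc=1
    done
    return "$rc"
}

# restart_agent: a running agent keeps its old settings until it is restarted.
# Call this after editing the file; it is a no-op failure if gpgconf is absent.
restart_agent() {
    command -v gpgconf >/dev/null 2>&1 && gpgconf --kill gpg-agent
}

# Constructed sample mirroring the question: TTLs of 1 and the name "max-cache".
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'default-cache-ttl 1' 'max-cache 1' > "$sample"
audit_agent_conf "$sample" || echo "caching still possible with this file"
rm -f "$sample"
```

Run `audit_agent_conf` once per account whose `~/.gnupg/gpg-agent.conf` matters, since each user runs a separate agent with its own configuration file.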

0 Answers