
I am trying to decrypt a file from the server where I have the required public key of that server. The keyring has a password protection and so when I try to decrypt a file, it asks me for a passphrase.

Is there a way to bypass that passphrase by passing the password when we try to decrypt the file?

I am using gpg-agent where the passphrase is cached for 600sec default time and for some reason I am unable to set the max-cache-ttl (it didn't work for me, I don't know why) and it is available only for that session.

Now I want to cache the passphrase for which I am using gpg-preset-passphrase. I set it in .gnupg/gpg-agent.conf as gpg-preset-passphrase --preset hex. I don't know what I am missing in this.

Can someone please let me know what I am missing in this?

Peter DeWeese
kill007
  • See this, it might help: http://stackoverflow.com/questions/1867757/using-passphrase-callback-in-ruby-gpgme – Sergio Tulentsev Dec 29 '11 at 17:29
  • Thank you Sergei, I went through that but it didn't help me. I am doing the same as he did like passing the passphrase as a hash but it didn't work. Still the passphrase screen is popping up! – kill007 Dec 29 '11 at 17:31
  • Did you read the accepted answer? It mentions directories and environment. Did you try that also? – Sergio Tulentsev Dec 29 '11 at 17:33
  • Yeah! By default the keyrings are saved in the ~/.gnupg directory. If they were generated in some other directory, in order to use them, we should specify the environment variable. As my keyrings are in the ~/.gnupg dir, I don't need to specify them. At the same time, as I am able to go to the passphrase screen, the decrypt command is able to pick that passphrase. – kill007 Dec 29 '11 at 17:49
  • Well, then I don't know. Good luck with this. Oh, and if you find an answer by yourself, don't forget to post it here and mark it as 'accepted'. This will help future visitors. – Sergio Tulentsev Dec 29 '11 at 17:51
  • Sure! Will do that. Thank you :) – kill007 Dec 29 '11 at 17:53

1 Answer


I am unable to bypass the passphrase or pinentry screen, but I used gpg-agent options like default-cache-ttl to set the cache time, so that from the second attempt the pinentry is going to retrieve the cached passphrase and will reset the timer on default-cache-ttl.

There is one more option called max-cache-ttl: even after the successful retrieval of the cached passphrase and reset of default-cache-ttl, this option doesn't change its timer and expires the cached passphrase after the set timeout.

For example: if I set both of them for 10hrs (i.e., 36000sec) and I call the decrypt after 5hrs, default is going to reset its timer and now we have 10 more hours. But the max is going to expire after the initial 10 hours and thus removes the cached passphrase after 10 hours.

One more problem I found is a session issue with gpg-agent, i.e., if I open a new session and try to decrypt, it doesn't happen and errors out that gpg-agent is not available for this session. I wrote some shell script and put it in bashrc so that it starts as soon as a new session is started.

kill007
  • Bump!!! The default-cache-ttl option should be accompanied by the max-cache-ttl option. Otherwise the passphrase expires after 2 hours even if the default-cache-ttl is set for more than 2hrs, because the max-cache-ttl default is 2hrs. Is there a way that we can just define default-cache-ttl, i.e., I don't want to expire the cache even after the max-cache-ttl is set. – kill007 Jan 11 '12 at 20:10
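
The two options from the answer above, written to gpg-agent.conf by a small helper and followed by an agent reload (an added example, not code from the original post). The function names set_cache_ttl and reload_agent are assumptions made for illustration; 36000 seconds is the value used in the answer.

```shell
#!/usr/bin/env bash
# Added example: manage default-cache-ttl / max-cache-ttl in gpg-agent.conf.

# set_cache_ttl HOMEDIR DEFAULT_TTL MAX_TTL   (function name is hypothetical)
# Replaces existing settings of both options and keeps every other line.
set_cache_ttl() {
    local home="$1" default_ttl="$2" max_ttl="$3"
    local conf="$home/gpg-agent.conf" tmp v

    # Both values are whole seconds; reject anything else.
    for v in "$default_ttl" "$max_ttl"; do
        case "$v" in
            ''|*[!0-9]*) echo "TTL must be whole seconds: '$v'" >&2; return 2 ;;
        esac
    done

    # max-cache-ttl is a hard ceiling counted from when the passphrase was
    # entered; a larger default-cache-ttl would never take effect.
    if [ "$default_ttl" -gt "$max_ttl" ]; then
        echo "default-cache-ttl ($default_ttl) exceeds max-cache-ttl ($max_ttl)" >&2
        return 3
    fi

    mkdir -p "$home" || return 1
    touch "$conf" || return 1
    tmp=$(mktemp "$conf.XXXXXX") || return 1

    # Drop old settings of the two options, keep the rest of the file.
    grep -Ev '^[[:space:]]*(default-cache-ttl|max-cache-ttl)[[:space:]]' \
        "$conf" > "$tmp" || true
    printf 'default-cache-ttl %s\nmax-cache-ttl %s\n' \
        "$default_ttl" "$max_ttl" >> "$tmp"

    # The config sits next to private keys; keep it owner-only.
    chmod 600 "$tmp" && mv "$tmp" "$conf"
}

# reload_agent HOMEDIR: make a running agent re-read its configuration.
reload_agent() {
    command -v gpgconf >/dev/null 2>&1 || { echo "gpgconf not found" >&2; return 127; }
    GNUPGHOME="$1" gpgconf --reload gpg-agent
}

# Typical use, with the 10-hour value from the answer:
#   set_cache_ttl "$HOME/.gnupg" 36000 36000 && reload_agent "$HOME/.gnupg"
```

Setting only default-cache-ttl above the agent's max-cache-ttl leaves the passphrase expiring at the ceiling, which is the behaviour described in the last comment; the helper refuses that combination rather than writing a value that cannot apply.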