ignore-cache-for-signing has no effect on gpg-agent

Jimmy C. Chau chaujc at gmail.com
Sun Oct 30 20:51:22 CET 2011


Despite setting ignore-cache-for-signing on gpg-agent, the
key/passphrase appears to be cached when I use gpg to sign files. 

To reproduce:
eval $(gpg-agent --daemon --ignore-cache-for-signing)
touch a b
gpg --sign a    # it displays the following and asks for a password this
time

    You need a passphrase to unlock the secret key for
    user: "Jimmy C. Chau <chaujc at gmail.com>"
    4096-bit RSA key, ID 76B6863D, created 2011-07-12

gpg --sign b    # it does not ask for a password this time, but still
displays the following

    You need a passphrase to unlock the secret key for
    user: "Jimmy C. Chau <chaujc at gmail.com>"
    4096-bit RSA key, ID 76B6863D, created 2011-07-12


I've searched for an explanation for this behavior but I couldn't find
any (the closest I could find suggested setting default-cache-ttl and
max-cache-ttl, but I don't know why I would need to set the cache-ttl if
the cache should be bypassed). 

Here's "gpg-agent --version" in case it's version specific:

    gpg-agent (GnuPG) 2.0.17
    libgcrypt 1.4.6
    Copyright (C) 2011 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later
    <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.


I'm new to gpg-agent so I'm not sure whether this is a bug or my
mistake.  I'll appreciate any help in figuring out what went wrong. 

(I've just subscribed to this mailing list, but didn't receive any sort
of confirmation, so I'm not sure if I'm on the list yet; please CC me
when replying.)

Thanks!
-Jimmy C. Chau
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20111030/0364517a/attachment.htm>


More information about the Gnupg-users mailing list