GPG Agent discarding cache before ttl/max ttl
Werner Koch
wk at gnupg.org
Tue Oct 15 22:57:16 CEST 2019
On Tue, 15 Oct 2019 09:14, Chip Senkbeil said:
> Is there some separate setting for GPG agent to discard its cache
> earlier than the ttl/max ttl settings? I've checked the GPG agent
You can follow the cache operations by adding

  log-file /some/log/file
  debug cache

to gpg-agent.conf and reload it (gpgconf --reload gpg-agent). This will
give you some insights on what is going on.
The standard way to flush the cache is by sending a HUP to gpg-agent (or
the above reload command). If your system has a method to run a script
on suspend or lid closing it may already do just that. I consider this
a good idea but we can't do that by default in GnuPG because systems
differ too much on how to detect a lid closing event or similar. Thus
there is also no way to avoid it using a GnuPG option.
> enable-ssh-support
It's the default anyway
> fixed-list-mode
You can remove that too; it has no effect anymore.
> # When making an OpenPGP certification, use a stronger digest than
> the default
> # SHA1:
> cert-digest-algo SHA256
It has been the default for a long time now. Only gpg 1.4 still defaults to
SHA-1 but you are not using that.
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
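
The steps from the message above as one script (an added example, not part of the original post or of GnuPG): `debug-on` adds the two logging options to gpg-agent.conf and reloads the agent, and when the script is installed as a suspend hook it sends HUP to every gpg-agent before the machine sleeps. The systemd-sleep hook directory, the script name and the `debug-on` subcommand are assumptions.

```shell
#!/bin/sh
# Added example. Assumed install path for the hook (systemd-specific):
#   /usr/lib/systemd/system-sleep/50-gpg-agent-flush
# systemd-sleep runs hooks as root with $1 = pre|post and $2 = the sleep action.

# Append "log-file <path>" and "debug cache" to a gpg-agent.conf, but only
# if they are not already present, so repeated runs do not duplicate them.
enable_cache_debug() {
    conf=$1
    log=$2
    touch "$conf"
    # Make sure the file ends with a newline before appending.
    if [ -n "$(tail -c1 "$conf")" ]; then
        echo >>"$conf"
    fi
    grep -Eq '^[[:space:]]*log-file[[:space:]]' "$conf" ||
        printf 'log-file %s\n' "$log" >>"$conf"
    grep -Eq '^[[:space:]]*debug[[:space:]]+cache[[:space:]]*$' "$conf" ||
        printf 'debug cache\n' >>"$conf"
}

# Map a sleep-hook phase to an action: flush before sleeping, nothing after.
hook_action() {
    case "$1" in
        pre) echo flush ;;
        *)   echo skip ;;
    esac
}

# Send SIGHUP to every running gpg-agent; each one drops its cached
# passphrases. pkill exits 1 when no agent is running, which is not an error.
flush_all_agents() {
    pkill -HUP -x gpg-agent || true
}

case "${1:-}" in
    debug-on)   # run as the user: debug-on /path/to/agent.log
        enable_cache_debug "${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf" \
            "${2:?usage: debug-on LOGFILE}"
        gpgconf --reload gpg-agent ;;
    pre|post)   # run by systemd-sleep as root
        if [ "$(hook_action "$1")" = flush ]; then
            flush_all_agents
        fi ;;
esac
```

Note that the reload triggered by `debug-on` also flushes the cache, as the message says.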