@tknv
Created November 17, 2016 17:28
~/.gnupg/gpg-agent.conf
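# Cache a passphrase for 8 hours after its last use
default-cache-ttl 28800
# Raise the hard limit as well: the default max-cache-ttl of 7200 expires entries after 2 hours
max-cache-ttl 28800
# Use the curses pinentry for passphrase prompts
pinentry-program /usr/bin/pinentry-curses
# Allow clients to request loopback pinentry (gpg --pinentry-mode loopback)
allow-loopback-pinentry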

tknv commented Nov 17, 2016

pass insert mail/work-gpg


marcofranssen commented Jul 24, 2020

I have been trying this as well. Somehow it does not take my ttl setting.

$ cat /Users/marco/.gnupg/gpg-agent.conf
default-cache-ttl 3600

$ gpg-agent --gpgconf-list
gpgconf-gpg-agent.conf:16:"/Users/marco/.gnupg/gpg-agent.conf
verbose:8:
quiet:8:
debug-level:24:"none:
log-file:8:
default-cache-ttl:24:600:
default-cache-ttl-ssh:24:1800:
max-cache-ttl:24:7200:
max-cache-ttl-ssh:24:7200:
enforce-passphrase-constraints:8:
min-passphrase-len:24:8:
min-passphrase-nonalpha:24:1:
check-passphrase-pattern:24:
max-passphrase-days:24:0:
enable-passphrase-history:8:
no-grab:8:
ignore-cache-for-signing:8:
no-allow-external-cache:8:
no-allow-mark-trusted:8:
disable-scdaemon:8:
enable-ssh-support:0:
ssh-fingerprint-digest:24:"md5:
no-allow-loopback-pinentry:8:
allow-emacs-pinentry:8:
pinentry-timeout:24:0:
enable-extended-key-format:8:
grab:8

As you can see I have my ttl at 3600, but when checking the active config it still shows 600. As you can see it does read the config file I defined.

Running this from zsh on MacOS using iTerm.

Also tried killing the active gpg-agent and closing and reopening the shells.


tknv commented Jul 25, 2020

I could check the set values with:
gpgconf --list-options gpg-agent
I am not sure your command shows the actually applied config params.

       --gpgconf-list
              This command is similar to --list-config but in general only internally used by the gpgconf tool.

from man page of gpg2.

@marcofranssen

You were right. gpgconf --list-options gpg-agent shows the correct value. Let me check if it is now properly caching for an hour as opposed to the default ten minutes.
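Added example (not part of the thread or the gist author's code): a shell check that reads `gpgconf --list-options gpg-agent` output, where field 10 is the value set in gpg-agent.conf and field 8 is the built-in default, and reports when `default-cache-ttl` exceeds `max-cache-ttl` so the cache entry still expires at the lower limit. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `gpgconf --list-options gpg-agent` output (not captured
# from a real host). Colon-separated fields:
#   name:flags:level:description:type:alt-type:argname:default:argdef:value
SAMPLE='default-cache-ttl:24:0:expire cached PINs after N seconds:3:3:N:600::28800
max-cache-ttl:24:2:set maximum PIN cache lifetime to N seconds:3:3:N:7200::
default-cache-ttl-ssh:24:1:expire SSH keys after N seconds:3:3:N:1800::
max-cache-ttl-ssh:24:2:set maximum SSH key lifetime to N seconds:3:3:N:7200::'

# effective_ttl OPTION (hypothetical helper): read gpgconf lines on stdin and
# print the value in force: field 10 when set in gpg-agent.conf, else field 8.
effective_ttl() {
    awk -F: -v opt="$1" '$1 == opt { v = ($10 != "") ? $10 : $8; print v }'
}

# check_cache_ttl (hypothetical helper): read gpgconf lines on stdin and print
# one verdict line. An entry is dropped default-cache-ttl seconds after its
# last use, and in any case max-cache-ttl seconds after it was entered.
check_cache_ttl() {
    awk -F: '
        $1 == "default-cache-ttl" { d = ($10 != "") ? $10 : $8 }
        $1 == "max-cache-ttl"     { m = ($10 != "") ? $10 : $8 }
        END {
            if (d == "" || m == "") {
                print "UNKNOWN: option missing from input"
            } else if (d + 0 > m + 0) {
                # default above max: the max limit wins
                printf "CAPPED default=%d max=%d effective=%d\n", d, m, m
            } else {
                printf "OK default=%d max=%d effective=%d\n", d, m, d
            }
        }'
}

# Demo on the constructed sample: 8 hours requested, default 2 hour limit.
printf '%s\n' "$SAMPLE" | check_cache_ttl
```

On a live system, run `gpgconf --list-options gpg-agent | check_cache_ttl` after reloading the agent.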


FradSer commented Nov 9, 2020

Try gpg-connect-agent reloadagent /bye to reload agent.


PaulRBerg commented Nov 11, 2020

I want to use gpg signing in git and set a very long passphrase cache, but for some reason git doesn't pick up the settings I listed in ~/.gnupg/gpg-agent.conf:

default-cache-ttl 1209600
max-cache-ttl 31536000

Also my global .gitconfig file:

[commit]
	gpgSign = true

What am I missing?

Update: I posted this as a question on StackOverflow.

@marcofranssen

I have provided you with my solution. I'm prompted by the gpg agent once an hour to provide my credentials for the key.


tknv commented Nov 12, 2020
