7

I'm trying to use GPG to sign files, but something confuses me: if I enter the following in the terminal (the file I want to sign is called "checksums"), it says:

$ gpg -s checksums
You need a passphrase to unlock the secret key for
user: "[my name] <[my email prefix]@gmail.com>"
4096-bit RSA key, ID C457C71D, created 2015-01-16

However, it doesn't ask me to enter my password but just does the signing process. Why is that?

UTF-8

2 Answers

5

GnuPG uses gpg-agent to cache your passphrase. It does require the passphrase for signing (this is a private key operation) and thus prints the message, but does not need to ask you as the passphrase was still cached. Whether and how long the cache works can be configured.

gpg-agent

gpg checks if there is a running gpg-agent (or, in newer versions, necessarily starts one). gpg-agent does (among other things) cache your pass phrase for a given time.

Configuration

This time span can be configured in ~/.gnupg/gpg-agent.conf, which in my case contains a line

default-cache-ttl 600

to set the cache time to ten minutes (10*60 seconds). Further options are described in man gpg-agent; most options can also be used in gpg-agent.conf by omitting the leading --.

Jens Erat
  • I'm not sure if this directly answers the question? gpg complaining about a password but still succeeding, and not prompting for a password, is strange behavior that I'm also encountering. – Andy Ray Mar 07 '17 at 23:03
  • Indeed -- I added two sentences in front to provide some context. – Jens Erat Mar 13 '17 at 20:41
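
The caching behaviour described in the answer above, as an added example that is not part of the original answers: a simplified Python model of how default-cache-ttl and max-cache-ttl decide whether a signing run prompts for the passphrase. The function names and sample configuration are constructed for illustration; the defaults (600 s and 7200 s) and the "timer resets on each access" rule are taken from man gpg-agent.

```python
"""Simplified model of gpg-agent passphrase caching (added example)."""

# Defaults documented in gpg-agent(1): 600 s idle TTL, 7200 s maximum lifetime.
DEFAULTS = {"default-cache-ttl": 600, "max-cache-ttl": 7200}

# Constructed sample: the single line quoted in the answer.
SAMPLE_CONF = "# ~/.gnupg/gpg-agent.conf\ndefault-cache-ttl 600\n"


def parse_agent_conf(text):
    """Return the two cache TTLs from gpg-agent.conf text, with defaults."""
    ttl = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):      # skip blanks and comments
            continue
        parts = line.split()
        if len(parts) == 2 and parts[0] in ttl and parts[1].isdigit():
            ttl[parts[0]] = int(parts[1])
    return ttl


def simulate(ttl, use_times):
    """For each signing time (seconds, ascending) return 'prompt' or 'cached'.

    An entry survives while it was used less than default-cache-ttl ago
    (every use resets that timer) and was created less than max-cache-ttl ago.
    """
    results = []
    created = last_access = None
    for t in use_times:
        alive = (
            created is not None
            and t - last_access < ttl["default-cache-ttl"]
            and t - created < ttl["max-cache-ttl"]
        )
        if alive:
            results.append("cached")
        else:
            results.append("prompt")              # passphrase entered again
            created = t
        last_access = t
    return results


if __name__ == "__main__":
    ttl = parse_agent_conf(SAMPLE_CONF)
    # Signing at 0 s, 5 min, 13 min 20 s and 25 min after the first prompt.
    for t, outcome in zip([0, 300, 800, 1500], simulate(ttl, [0, 300, 800, 1500])):
        print(f"t={t:>5}s  {outcome}")
```

The run at 800 s is still served from the cache even though more than ten minutes have passed since the passphrase was typed, because the use at 300 s reset the timer. After editing gpg-agent.conf, `gpgconf --reload gpg-agent` makes the agent re-read it and drop cached passphrases.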
0

Because there is a gpg agent that caches your password for a period of time, so if you repeatedly use gpg, you only have to enter your password the first time, and then it will be remembered and used automatically on subsequent runs.

psusi