[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Disable gpg-agent passphrase caching by default (already done in Whonix 13)


#1

When encrypting a file, for example, symmetric:

gpg -c filename

and then decrypting

gpg filename.gpg

The file gets decrypted without gpg asking for a passphrase.

As explained in:

The passphrase gets cached by gpg-agent for some time.

For better security, this caching should be disabled or set to the minimum possible.

Solution from the above link:

For newer versions (v2.1+), disable password caching for the agent by creating ~/.gnupg/gpg-agent.conf and adding the following lines:

default-cache-ttl 1
max-cache-ttl 1

There was no such caching (issue already solved) in Whonix 13