5

Suddenly the behaviour of gpg has changed and my world crumbles.

I have several keys, all but one for testing purposes. The one is my personal key. Up to now I have been able to encrypt with this key, and I seem to remember that I had to type my passphrase to encrypt. Now suddenly I don't. But what is more frightening, I can double click the encrypted file and it will decrypt without asking for my passphrase.

I have googled on this, and found several suggestions, none of which works. How do I force gpg to ask for my passphrase before it decrypts a file? And how do I make sure that it encrypts with the right key. I use -r but it appears that the key doing the encryption is not my own key even if is the name of my personal key. I can accept that it is the recipients key which matters in encryption, but I would like my personal identity to be involved, and not the first key in the keyring.

James Wilde
  • 51
  • 1
  • 2
  • If you are just encrypting, your private key is not needed, so it doesn't make sense to need to unlock it. If you are encrypting _and_ signing, or just signing, then you will need the key and passphrase. – multithr3at3d Jun 05 '18 at 14:48
  • Thanks for your comment, multith3at3d. I realise that it is the recipient's key which should be used to encrypt. What concerns me a lot more is that I can double-click on the .gpg file and a decrypted copy is created without my needing to enter my passphrase. I want to keep certain files on my hard disk which are encrypted, but which I can decrypt as necessary, but I don't want them decrypted simply by a double click. – James Wilde Jun 06 '18 at 15:22
  • What OS is this, and what key software is in use? I.e. do you have a key manager, like Gnome's? – multithr3at3d Jun 06 '18 at 15:27
  • I'm using gpg installed via GPG Suite on a Mac running High Sierra, although I seek to encrypt the files in a terminal window with gig -e -r "James Wilde" . When the file has been encrypted, double-clicking on it decrypts it. – James Wilde Jun 08 '18 at 05:45

1 Answers1

2

This is due to gpg-agent temporarily caching your password. You can easily disable caching.

forest
  • 64,616
  • 20
  • 206
  • 257