gpg-agent ignoring cache config on macOS Sierra

0

I installed gpg via homebrew.

I have a ~/gpg-agent.conf file as follows:

allow-preset-passphrase
default-cache-ttl 1209600
max-cache-ttl 1209600
max-cache-ttl-ssh 1209600

My .bashrc (actually: ~/.bash_it/custom/gpg-agent.bash) has

export GPG_TTY=$(tty)

[ -f ~/.gpg-agent-info ] && source ~/.gpg-agent-info
if [ -S "${GPG_AGENT_INFO%%:*}" ]; then
  export GPG_AGENT_INFO
else
  eval $( /usr/local/bin/gpg-agent --daemon --write-env-file ~/.gpg-agent-info )
fi

My assumption was this would make it so that I'm only asked for my passphrase once every 2 weeks, but I'm still asked for it every 5 minutes. gpg-agent --gpgconf-list shows the actual values being used?

$ gpg-agent --gpgconf-list
gpgconf-gpg-agent.conf:16:"/Users/notbrain/.gnupg/gpg-agent.conf
verbose:8:
quiet:8:
debug-level:24:"none:
log-file:8:
default-cache-ttl:24:600:
default-cache-ttl-ssh:24:1800:
max-cache-ttl:24:7200:
max-cache-ttl-ssh:24:7200:
enforce-passphrase-constraints:8:
min-passphrase-len:24:8:
min-passphrase-nonalpha:24:1:
check-passphrase-pattern:24:
max-passphrase-days:24:0:
enable-passphrase-history:8:
no-grab:8:
ignore-cache-for-signing:8:
no-allow-mark-trusted:8:
no-allow-external-cache:8:
disable-scdaemon:8:
enable-ssh-support:0:

Why is my gpg-agent.conf file not being obeyed? What am I missing? Installed via homebrew:

$ ll $(which gpg)
8 lrwxr-xr-x  1 notbrain  admin    33B Mar  1 15:15 /usr/local/bin/gpg -> ../Cellar/gnupg2/2.0.30_3/bin/gpg

Brian

Posted 2017-03-02T19:55:14.007

Reputation: 408

This should be moved over to apple.stackexchange.com, I think. But I can answer here anyway. – Flavin – 2017-04-04T15:15:51.017

Answers

0

You've put the gpg-agent.conf file in your home directory at ~/.gpg-agent.conf. But the default location for that file is in a subdirectory: ~/.gpg/gpg-agent.conf.

In the gpg-agent configuration documentation they say the gpg-agent.conf file should be in the "current home directory". But, confusingly, they don't mean the user's home directory; they mean gpg-agent's home directory: ~/.gpg.

So you can move your config file to ~/.gpg/gpg-agent.conf and it should be found. Alternatively, you can give gpg-agent a new home directory using the --homedir [dir] flag on startup.

Flavin

Posted 2017-03-02T19:55:14.007

Reputation: 101

I think you misread the output - it's in .gnupg/gpg-agent.conf in my home directory. I should answer this that it took a restart for gpg-agent to pick up the configs I set. A simple relaunch of iTerm2 did not cut it. – Brian – 2017-04-05T16:16:18.753

0

Turns out this was just an issue with a simple logout/login and/or relaunch of iTerm2 not working. It started to work once I rebooted.

Brian

Posted 2017-03-02T19:55:14.007

Reputation: 408
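
A check for the two things this thread turns on (where gpg-agent.conf lives, and how default-cache-ttl interacts with max-cache-ttl), as an added example that is not part of the original posts. The helper name audit_agent_conf and its record format are hypothetical; it assumes the GnuPG home is ~/.gnupg unless one is passed explicitly, and uses GnuPG's built-in defaults of 600 and 7200 seconds (the numbers that appear in the question's --gpgconf-list output).

```shell
#!/usr/bin/env bash
# Added example (not from the original posts): audit gpg-agent.conf placement and TTLs.
# Assumption: GnuPG home is ~/.gnupg unless a second argument (e.g. $GNUPGHOME) is given.

# audit_agent_conf USER_HOME [GNUPG_HOME]   (hypothetical helper name)
# Prints one record per line:
#   stray:<path>    gpg-agent.conf in a place the agent does not read
#   missing:<path>  no config file in the GnuPG home (function returns 1)
#   active:<path>   config file the agent reads at startup
#   ttl:<opt>=<n>   cache TTL option found in the active file
#   capped:...      default-cache-ttl exceeds the effective max-cache-ttl
audit_agent_conf() {
  local user_home="$1"
  local gnupg_home="${2:-$user_home/.gnupg}"
  local conf="$gnupg_home/gpg-agent.conf"
  local candidate

  # Locations mentioned in this thread; any that is not the active path is stray.
  for candidate in "$user_home/gpg-agent.conf" "$user_home/.gpg-agent.conf" \
                   "$user_home/.gpg/gpg-agent.conf"; do
    if [ "$candidate" != "$conf" ] && [ -f "$candidate" ]; then
      echo "stray:$candidate"
    fi
  done

  if [ ! -f "$conf" ]; then
    echo "missing:$conf"
    return 1
  fi
  echo "active:$conf"

  # Option lines are "name value"; lines starting with '#' never match the pattern.
  # 600 and 7200 are GnuPG's built-in defaults for the two options.
  awk '
    $1 ~ /^(default|max)-cache-ttl(-ssh)?$/ && $2 ~ /^[0-9]+$/ {
      v[$1] = $2 + 0
      print "ttl:" $1 "=" $2
    }
    END {
      d = ("default-cache-ttl" in v) ? v["default-cache-ttl"] : 600
      m = ("max-cache-ttl" in v) ? v["max-cache-ttl"] : 7200
      if (d > m) print "capped:default-cache-ttl=" d " max-cache-ttl=" m
    }' "$conf"
}

# Run against the current user; a non-zero return just means no config was found.
audit_agent_conf "${HOME:-}" "${GNUPGHOME:-}" || true
```

A running agent keeps the values it started with, so an edited file only takes effect after the agent is restarted or reloaded, which matches the outcome reported above.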