When I run gpg2, I am prompted for the passphrase every time I use it. From my reading of the gpg-agent
man page, I should only be prompted the first time.
gpg-agent is a daemon to manage secret (private)
keys independently from any protocol. It is
used as a backend for gpg and gpgsm as well as
for a couple of other utilities.
The agent is automatically started on demand
by gpg, gpgsm, gpgconf, or gpg-connect-agent.
Thus there is no reason to start it manually.
...
--default-cache-ttl n
Set the time a cache entry is valid to n
seconds. The default is 600 seconds.
Each time a cache entry is accessed, the
entry's timer is reset. To set an entry's
maximum lifetime, use max-cache-ttl.
--max-cache-ttl n
Set the maximum time a cache entry is valid
to n seconds. After this time a cache
entry will be expired even if it has been
accessed recently or has been set using
gpg-preset-passphrase. The default is 2
hours (7200 seconds).
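If I am reading this correctly, a gpg2
invocation should prompt for the passphrase the first time I use it, and then, if I run it again within the next 600 seconds, it should not prompt me again. Running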
gpg2 --export-secret-keys --armor [email protected] > /dev/null
gives me this:
┌─┐
│ Please enter the passphrase to export the OpenPGP secret key: │
│ "John Doe (asdf) <[email protected]>" │
│ 2048-bit RSA key, ID EB7B49EAD38DE665, │
│ created 2018-10-09. │
│ │
│ │
│ Passphrase: _ │
│ │
│ <OK> <Cancel> │
└─┘
A quick ps aux shows gpg-agent running:
ps aux | grep gpg-agent
jdoe 14089 0.1 0.1 100884 3588 ? SLs 18:50 0:07 /usr/bin/gpg-agent --supervised
Alas, running gpg2 --export-secret-keys... again immediately afterwards
prompts me for the passphrase again.
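More details:
- I am using pinentry-curses
- I have $GPG_TTY exported in my .bashrc
- gpg2 --version -> gpg (GnuPG) 2.2.4
- I have read through "Why does gpg still ask for a passphrase even when using gpg-agent?" and "How to find out which keys gpg-agent has cached? (like how ssh-add -l shows cached ssh keys)", but I did not quite follow them.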
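Answer 1
From the GnuPG 2.2.4 manual, for --export-secret-keys
(specifically):
GnuPG may ask you to enter the passphrase for the key. This is required because the internal protection method of the secret key is different from the one specified by the OpenPGP protocol.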
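
Added example, not part of the original question or answer: since the manual says --export-secret-keys may ask for the passphrase itself, the agent's own key listing is a more direct check of whether a passphrase is cached. The sketch below parses the output of gpg-connect-agent 'keyinfo --list' /bye; the sample lines and keygrips are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of what `gpg-connect-agent 'keyinfo --list' /bye` prints.
# Keygrips and the card serial number are made up for illustration.
# Columns: S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> ...
#   type:   D = key stored on disk, T = key on a smartcard
#   cached: 1 = passphrase currently cached by the agent, - = not cached
SAMPLE_KEYINFO='S KEYINFO 1111111111111111111111111111111111111111 D - - 1 P - - -
S KEYINFO 2222222222222222222222222222222222222222 D - - - P - - -
S KEYINFO 3333333333333333333333333333333333333333 T D2760001240102010006012345670000 OPENPGP.1 - - - - -
OK'

# Read agent output on stdin and print "<keygrip> cached|not-cached"
# for every on-disk key. Card keys and the final OK line are skipped.
keyinfo_cache_status() {
    awk '$1 == "S" && $2 == "KEYINFO" && $4 == "D" {
        print $3, ($7 == "1" ? "cached" : "not-cached")
    }'
}

# Read agent output on stdin and print how many on-disk keys are cached.
cached_count() {
    keyinfo_cache_status | awk '$2 == "cached" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample. Against a live agent, use instead:
#   gpg-connect-agent 'keyinfo --list' /bye | keyinfo_cache_status
printf '%s\n' "$SAMPLE_KEYINFO" | keyinfo_cache_status
```

Running the live command right after an operation that uses the secret key (for example a signature) and again after default-cache-ttl seconds shows the cached column change for that keygrip.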