Gpg-agent config management

Question

Gpg-agent config management

krylop opened this issue 2 years ago · comments

Setting related to gpg-agent doesn't seem to work. I have tried to restart gpg-agent after setting new values but without success. I have no custom gpg just one added with pass-winmenu.

This is my settings:

gpg-agent:
        # Gpg-agent can have a pretty long startup time on Windows. This option allows
        # the gpg-agent to be started alongside pass-winmenu so it'll be ready when
        # you need it.
        preload: true
        config:
            # Set this to true to allow pass-winmenu to manage some configuration keys in your
            # `gpg-agent.conf` file, allowing you to configure features like password timeout.
            allow-config-management: true
            # Add the following configuration keys to `gpg-agent.conf`:
            keys:
                # Remember your GPG passphrase for up to 3600 seconds (one hour).
                # Every time you decrypt a password within this one-hour timespan, the timer will reset.
                default-cache-ttl: 1
                # This is the maximum amount of time gpg-agent will remember your passphrase
                # Once this amount of time has expired, gpg-agent will always ask you to re-enter it.
                max-cache-ttl: 127800

I set time to 1s to chceck if this will prompt me for passphrase

Will Power · Answer 1 · Wed Jul 06 2022 20:02:48 GMT+0800 (China Standard Time)

Note that a cached passphrase may not be evicted immediately from memory if no client requests a cache operation. This is due to an internal housekeeping function which is only run every few seconds.

https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html

1 second is probably too short?

krylop · Answer 2 · Thu Jul 07 2022 01:07:13 GMT+0800 (China Standard Time)

After some research I found there is a way to start gpg-agent with custom settings.
gpg-agent.exe --options "./gpg-agent.conf" --daemon

gpg-agent.conf contains:
default-cache-ttl 1

That way gpg-agent prompt me for password every time

In addition I tested other values like 20s with pass-winmenu and without success.

Johan Geluk · Answer 3 · Thu Jul 07 2022 02:46:03 GMT+0800 (China Standard Time)

For this functionality, pass-winmenu looks up where your GPG home directory is located. It then looks for a gpg-agent.conf in that directory, creating it if it does not exist. It then adds the configuration keys to that file, or updates them if they are already present.

If you can't get this feature to work, there are a few things you can try:

Make sure you know where your GPG home directory is located. It should contain your private keys, keyring, trustdb, etc. By default, it will probably be somewhere in AppData.
Look for a gpg-agent.conf in your home directory. Pass-winmenu should have created one if it didn't exist yet, so if you can't find it, it is possible that pass-winmenu created it in the wrong place.
If you do have a gpg-agent.conf file, make sure its contents look OK. Perhaps something went wrong with writing the file.

Let me know if you still can't get it to work, or if pass-winmenu didn't create the gpg-agent.conf in the correct location.

krylop · Answer 4 · Thu Jul 07 2022 03:23:43 GMT+0800 (China Standard Time)

Thank you for reply.

By manually creating gpg-agent.conf file in home directory and placing default-cache-ttl 1 in the file it worked.

So the issue is creating the file. My home directory is located in (pass-winmenu.exe location)/lib/GnuPG, so the same location as bin folder with all gpg executables.

Johan Geluk · Answer 5 · Thu Jul 07 2022 05:17:32 GMT+0800 (China Standard Time)

In that case pass-winmenu probably expects your home directory to be somewhere else.
The way it determines the home directory is as follows:

If the gpg.gnupghome-override key in pass-winmenu.yaml is set, its location is used.
Otherwise, if the GNUPGHOME environment variable is set, its location is used.
If neither are set, the AppData/Roaming/gnupg path is used.

In other words, you can most likely solve your issue by setting the configuration key or the environment variable.

Ideally though, pass-winmenu would just detect the right location straight away, so I'd like to solve this issue in pass-winmenu if possible. Do you know how your GPG installation chooses the folder with its executables as its home directory? Is it a portable installation by any chance?

krylop · Answer 6 · Thu Jul 07 2022 14:16:10 GMT+0800 (China Standard Time)

In my case

key is set to null as default gnupghome-override: null
enviroment variable GNUPGHOME is not set
AppData/Roaming/gnupg doesn't exist

I did not install any GPG, I use portable version attached to pass-winmenu realise files. I simply extracted zip archive and started using pass-winnmenu.

Now I understand the issue and can solve it.

Johan Geluk · Answer 7 · Mon Oct 17 2022 03:52:19 GMT+0800 (China Standard Time)

Fixed in v1.13.1.