Closed alexozer closed 4 years ago
Is this not already in pass-winmenu.yaml?
It is indeed! Check out the GPG agent configuration section here.
Note that if you have a gpg-agent running, you'll need to restart it before those changes take effect. You can check task manager for gpg-agent.exe
and kill it, it'll automatically be started as soon as you try to decrypt a password.
Ah I see, I've tried changing those settings before but didn't see an effect. I'll try restarting GPG agent.
Unfortunately I've ran into the same issue I've encountered in the past, where changing the default timeout values don't seem to have effect. I'm still prompted for a password around an hour later, despite having these timeout values in my configuration:
gpg-agent:
# Gpg-agent can have a pretty long startup time on Windows. This option allows
# the gpg-agent to be started alongside pass-winmenu so it'll be ready when
# you need it.
preload: true
config:
# Set this to true to allow pass-winmenu to manage some configuration keys in your
# `gpg-agent.conf` file, allowing you to configure features like password timeout.
allow-config-management: false
# Add the following configuration keys to `gpg-agent.conf`:
keys:
# Remember your GPG passphrase for up to one hour.
# Every time you decrypt a password within this one-hour timespan, the timer will reset.
default-cache-ttl: 1000000000000000
# This is the maximum amount of time gpg-agent will remember your passphrase
# Once this amount of time has expired, gpg-agent will always ask you to re-enter it.
max-cache-ttl: 10000000000000000000
You need to set allow-config-management: false
to true
as well, otherwise the changes won't be written to the gpg-agent configuration file. The deafult of false
here is a safety precaution to ensure pass-winmenu doesn't automatically alter the GPG configuration files, since that may not be what everyone wants.
As an aside, I'm not sure how well gpg-agent will deal with such high TTL values, so if you still encounter issues, I'd try lowering them.
that amount of seconds is millions of years so bound to upset something :laughing:
Setting allow-config-management
to true
seems to have worked, thanks!
Is there any way to cache your GPG passphrase indefinitely, even as new passwords are decrypted? My master password is long and inconvenient to type constantly, and I suspect typing it often may be less secure than simply not.