I have been decrypting my GPG-encrypted files for years. My private key was encrypted with a passphrase. Upon attempting to decrypt, a dialog box appeared, asking for my passphrase. This only happened once, and then it would remember my passphrase until logout. That was in Debian wheezy, and, for a few months now, in jessie. (I'm using Debian's default GNOME 3 environment.)
Recently it started decrypting without asking for a passphrase. I attempted to change the passphrase with gpg --edit-key my-key-id
and then passwd
, but there is no difference. This first asked my for the existing passphrase before going on to ask me to enter, twice, the new passphrase. But gpg -d some_encrypted_file
will always work, immediately after reboot, without asking for a passphrase.
It seems the gpg-keyring-daemon
is at fault. If I try unset GPG_AGENT_INFO; gpg -d some_encrypted_file
, then it asks for the passphrase, otherwise it does not decrypt.
Update: Somehow, in dconf-editor
, desktop.gnome.crypto.cache.gpg-cache-method
was set to always
. I changed it to session
but there is no difference.
gpg-agent
, and you're looking for the culprit in the wrong corner.dconf-editor
,desktop.gnome.crypto.cache.gpg-cache-method
was set toalways
. I changed it tosession
but there is no difference.