3

I am using gpg to encrypt my email password that I pass on to msmtp in order to send email.

I initially ran gpg --full-gen-key to generate a pair of keys. During the process, it asked me for a passphrase. The process has completed successfully.

Secondly, I encrypted my email password by running gpg --encrypt --output ~/.msmtp/msmtp-myaccount-pass.gpg --recipient my@gpg-email -

I configured msmtp to use passwordeval and tried to send a test email. While sending, gpg asked me to enter the passphrase. This was done and the email was sent successfully.

Now, I would like to send system report emails to myself from this headless Raspberry Pi server, and in order to do that I am building a script which will be run by cron. Given that the server will be unattended, the passphrase needs to be cached, and I understood that the safest way to do that is by using gpg-agent.

In order to use gpg-agent, I need to edit ~/.gnupg/gpg.conf and add use-agent. I also need to edit gpg-agent.conf to customise the caching period. This is where I have reached a dead-end.

I cannot find the file gpg.conf nor the file gpg-agent.conf.

When I list the .gnupg directory, I get:

drwx------ 2 pi pi 4096 Apr  5 22:11 crls.d
drwx------ 2 pi pi 4096 Apr  5 22:15 openpgp-revocs.d
drwx------ 2 pi pi 4096 Apr  5 22:15 private-keys-v1.d
-rw-r--r-- 1 pi pi 2475 Apr  5 22:15 pubring.kbx
-rw------- 1 pi pi   32 Apr  5 22:11 pubring.kbx~
-rw------- 1 pi pi  600 Apr  5 22:43 random_seed
-rw------- 1 pi pi 1280 Apr  5 22:18 trustdb.gpg

I confirm that gpg-agent is running as a process.

I looked for a solution online and some suggest copying skeleton files from /usr/share/gnupg, but no skeleton files are available, as shown below:

distsigkey.gpg  help.de.txt  help.fi.txt  help.it.txt  help.pt_BR.txt  help.tr.txt
help.be.txt     help.el.txt  help.fr.txt  help.ja.txt  help.ro.txt     help.zh_CN.txt
help.ca.txt     help.eo.txt  help.gl.txt  help.nb.txt  help.ru.txt     help.zh_TW.txt
help.cs.txt     help.es.txt  help.hu.txt  help.pl.txt  help.sk.txt     sks-keyservers.netCA.pem
help.da.txt     help.et.txt  help.id.txt  help.pt.txt  help.sv.txt

I would be grateful if you could assist me in configuring gpg-agent regarding the cache time for the passphrase.

For reference, I am using Raspbian Buster on a Raspberry Pi 2 Model B.

Thanks in advance.

1 Answer

5

I cannot find the file gpg.conf nor the file gpg-agent.conf

It's no big deal, just create it. Without it, GnuPG runs with default options.

If you want to manually enter the passphrase on startup, then memorize it for a certain amount of time, the option you are interested in is default-cache-ttl, but it's not the only one:

gpg-agent can be configured via ~/.gnupg/gpg-agent.conf file. The configuration options are listed in gpg-agent(1). For example you can change cache ttl for unused keys:

~/.gnupg/gpg-agent.conf

default-cache-ttl 3600

Tip: To cache your passphrase for the whole session, please run the following command:

$ /usr/lib/gnupg/gpg-preset-passphrase --preset XXXXX

where XXXXX is the keygrip. You can get its value when running gpg --with-keygrip -K. The passphrase will be stored until gpg-agent is restarted. If you set up default-cache-ttl value, it will take precedence.

Source: GnuPG

2
  • 1
    I tried gpg-preset-passphrase but I am getting: gpg-preset-passphrase: caching passphrase failed: Not supported.
    – iLW
    Commented Apr 6, 2020 at 2:48
  • "This program works with GnuPG 2 and later. GnuPG 1.x is not supported." - Source: gnupg.org documentation: gpg-preset-passphrase. Can you confirm your version by running gpg --version ? You might have both V1 and V2 available on your system, then you can replace gpg with gpg2 in your command line.
    – Kate
    Commented Apr 6, 2020 at 17:44
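
The steps from the answer, as an added example that is not part of the original question, answer or comments: it creates gpg-agent.conf idempotently and picks the keygrip of the key that actually decrypts (the encryption subkey) for gpg-preset-passphrase. The function names and the --apply switch are hypothetical; max-cache-ttl and allow-preset-passphrase are gpg-agent options not mentioned on the page (gpg-agent only accepts preset passphrases when allow-preset-passphrase is set).

```shell
#!/bin/sh
# Added example (constructed helpers, not from the original post).

# Set "key value" (or a bare flag) in a gpg-agent.conf, replacing any
# earlier line for the same option and keeping everything else.
set_agent_option() {
    conf=$1; key=$2; value=${3:-}
    touch "$conf"
    grep -v -E "^${key}([[:space:]]|\$)" "$conf" > "$conf.tmp" || true
    if [ -n "$value" ]; then echo "$key $value"; else echo "$key"; fi >> "$conf.tmp"
    mv "$conf.tmp" "$conf"
}

# Create or update <home>/gpg-agent.conf with a cache lifetime in seconds.
write_agent_conf() {
    home=$1; ttl=$2
    mkdir -p "$home"
    chmod 700 "$home"                    # gpg warns about looser permissions
    set_agent_option "$home/gpg-agent.conf" default-cache-ttl "$ttl"
    set_agent_option "$home/gpg-agent.conf" max-cache-ttl "$ttl"   # upper bound
    set_agent_option "$home/gpg-agent.conf" allow-preset-passphrase
    chmod 600 "$home/gpg-agent.conf"
}

# Read `gpg --with-colons --with-keygrip -K` output on stdin and print the
# keygrips of secret (sub)keys whose own capabilities (field 12) include
# "e" (encrypt/decrypt). Records look like:
#   ssb:u:3072:1:<keyid>:<created>::::::e:...
#   grp:::::::::<keygrip>:
decrypt_keygrips() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" { want = index($12, "e") > 0 }
        $1 == "grp" && want        { print $10; want = 0 }
    '
}

# Only touch the real GnuPG home when asked to.
if [ "${1:-}" = "--apply" ]; then
    write_agent_conf "${GNUPGHOME:-$HOME/.gnupg}" 3600
    gpgconf --reload gpg-agent           # make the agent re-read its config
    gpg --with-colons --with-keygrip -K | decrypt_keygrips
fi
```

Run it with --apply, then pass the printed keygrip to gpg-preset-passphrase --preset as in the answer. Presetting the keygrip of the primary (sign/certify) key does not stop the prompt when msmtp's passwordeval decrypts the password file.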
