The short story:
I just installed pinentry-mac and this asks me for my passphrase only once but then decrypts gpg files without asking for the passphrase.
The long story:
I am running macOS and I use gpg and pass as keychain.
I am not sure why this happened, but I updated several packages on my machine and I think that gpg got updated to gpg2. When using pass I now get the following error message:
gpg: error running '/opt/local/bin/gpg-agent': exit status 2
gpg: failed to start gpg-agent '/opt/local/bin/gpg-agent': General error
gpg: can't connect to the gpg-agent: General error
gpg: error running '/opt/local/bin/gpg-agent': exit status 2
gpg: failed to start gpg-agent '/opt/local/bin/gpg-agent': General error
gpg: can't connect to the gpg-agent: General error
gpg: keydb_search failed: No agent running
gpg: error running '/opt/local/bin/gpg-agent': exit status 2
gpg: failed to start gpg-agent '/opt/local/bin/gpg-agent': General error
gpg: can't connect to the gpg-agent: General error
gpg: error running '/opt/local/bin/gpg-agent': exit status 2
gpg: failed to start gpg-agent '/opt/local/bin/gpg-agent': General error
gpg: can't connect to the gpg-agent: General error
gpg: keydb_search failed: No agent running
gpg: public key decryption failed: No secret key
gpg: decryption failed: No secret key
At that time the content of the file gpg-agent.conf was the following:
max-cache-ttl 0
default-key 1234**************************
Following another question I installed pinentry via homebrew
pinentry-program /usr/local/bin/pinentry-mac
After that, when opening a .gpg file in the terminal, I got a prompt outside of the terminal (which I didn't get before: I think it was Keychain) asking for my passphrase. I did not get the terminal-based prompt that I had before. Thereafter, I was not asked for my passphrase again and could open all the .gpg files without a passphrase.
I then followed the answer of @user3056783 in "pinentry-mac completely disables prompt for GPG passphrase".
This worked but 1. I got the same prompt for the passphrase and the problem reappeared, and this time 2. I could not find the entry for GnuPG in Keychain Access, and I now have to restart my machine so that it "forgets" my passphrase.
That's a huge vulnerability. How can I solve this so that I get asked for my passphrase when opening each gpg file?
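A check for the configuration described in the question, as an added example that is not part of the original post: the hypothetical function `audit_agent_conf` reads a gpg-agent.conf and reports settings that let a passphrase stay usable without a new prompt, plus options that gpg-agent does not accept. It assumes the `pinentry-program` line was placed in gpg-agent.conf; the sample file and its key ID placeholder are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit a gpg-agent.conf for
# settings that affect how long a passphrase stays usable without a prompt.
# Prints one finding per line; returns 1 if there are findings, else 0.
audit_agent_conf() {
    conf=$1; findings=0; have_default=no; have_max=no
    while read -r key value rest || [ -n "$key" ]; do
        case $key in
            ''|'#'*) ;;   # skip blank lines and comments
            default-cache-ttl)
                have_default=yes
                [ "$value" = 0 ] || { echo "default-cache-ttl $value: agent caches the passphrase"; findings=1; } ;;
            max-cache-ttl)
                have_max=yes
                [ "$value" = 0 ] || { echo "max-cache-ttl $value: agent caches the passphrase"; findings=1; } ;;
            default-key)
                # default-key is a gpg (gpg.conf) option; gpg-agent does not accept it
                echo "default-key: belongs in gpg.conf, not gpg-agent.conf"; findings=1 ;;
            pinentry-program)
                case $value in
                    *pinentry-mac)
                        # The question describes the passphrase ending up in Keychain.
                        echo "pinentry-mac: passphrase may be saved in the macOS Keychain, outside the agent cache"
                        findings=1 ;;
                esac ;;
        esac
    done < "$conf"
    [ "$have_default" = yes ] || { echo "default-cache-ttl not set: gpg-agent default applies"; findings=1; }
    [ "$have_max" = yes ] || { echo "max-cache-ttl not set: gpg-agent default applies"; findings=1; }
    return "$findings"
}

# Constructed sample mirroring the configuration quoted in the question.
sample=$(mktemp)
printf '%s\n' 'max-cache-ttl 0' 'default-key PLACEHOLDER_KEY_ID' \
    'pinentry-program /usr/local/bin/pinentry-mac' > "$sample"
audit_agent_conf "$sample" || true
rm -f "$sample"
```

A Keychain-stored passphrase is not governed by the agent's cache TTL values, which is why the script reports it separately from the `*-cache-ttl` findings.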