Longer passphrase cache for GPG

2009-03-21

Blogging live from Cambridge. I like to sign my emails with GPG, but the default configuration and the integration with kmail are so annoying that I always ended up ditching it. At least that was the case until I took the time to dive into arcane documentation and find out how to make it work for my kind of usage.

I use GPG to add a cryptographic signature to the emails that I send with kmail, the KDE email client. Kmail uses kwallet, the KDE password manager, to store passwords so I don't have to type them every time I check whether I have new emails. This is what you would expect from a non-baroque email client and that's the way I like it. When you configure kmail to use GPG to sign outgoing emails, however, it leaves GPG to handle its passwords by itself. Now the annoyance begins.

GPG, being an advanced security and privacy tool, is somewhat paranoid regarding how it stores the passphrases used to unlock private keys. It defaults to sending the passphrase to the gpg-agent with a timeout of five minutes. That means that every five friggin minutes, I need to retype my GPG key when I send an email. If that was not annoying enough already, the password prompt window is not modal to kmail and it is not always raised to the top of the window stack. That means that I have to alt-tab through a few windows every five minutes when I want to send an email. Don't get me wrong, the benefit of signing my emails does not warrant that much pain.

This is where reading the doc did help. The GPG documentation is really hard to read, but if you manage to decipher it, you will gladly learn that there is a setting to increase the timeout for the passphrase cache. In order to use it, you first have to make sure that you are using the GPG agent. To do that, edit your ~/.gnupg/gpg.conf file and make sure that it has the use-agent line. After that, edit or create your ~/.gnupg/gpg-agent.conf file and add the following lines:

   default-cache-ttl 86400
   max-cache-ttl 86400

Now log out and log back in and you're done: GPG will only prompt you for your passphrase once a day. Enjoy!
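Why the snippet needs both lines, as an added example (not code from this post or from GnuPG): a small shell model of the agent's cache that reads a gpg-agent.conf and lists the moments at which the passphrase would be asked for again. The function names, the sample use times and the two sample files are constructed for illustration; the fallback values 600 and 7200 seconds are the defaults given in the gpg-agent man page of current GnuPG 2.x and are an assumption about your version.

```shell
#!/bin/sh
# Added example: a model of gpg-agent's passphrase cache, not gpg-agent's code.
# Per the gpg-agent man page: default-cache-ttl is restarted on every use,
# max-cache-ttl is counted from the moment the passphrase was typed.

# conf_value FILE OPTION FALLBACK: value of OPTION in FILE, else FALLBACK.
# Comment lines ("#...") never match; a repeated option keeps the last value
# (a simplification made for this model).
conf_value() {
    [ -r "$1" ] || { echo "$3"; return 0; }
    awk -v opt="$2" -v val="$3" \
        '$1 == opt && $2 ~ /^[0-9]+$/ { val = $2 } END { print val }' "$1"
}

# prompt_times FILE T1 T2 ...: the use times (in seconds) at which the agent
# would have to ask for the passphrase again.
prompt_times() {
    conf=$1; shift
    # Fallbacks: man page defaults of current GnuPG 2.x (assumption).
    ttl=$(conf_value "$conf" default-cache-ttl 600)
    max=$(conf_value "$conf" max-cache-ttl 7200)
    entered=-1 last=0 out=
    for t in "$@"; do
        # Prompt on first use, after idling longer than the TTL, or once
        # the entry is older than the hard cap.
        if [ "$entered" -lt 0 ] ||
           [ $((t - last)) -gt "$ttl" ] ||
           [ $((t - entered)) -gt "$max" ]; then
            entered=$t
            out="$out $t"
        fi
        last=$t
    done
    echo "${out# }"
}

# Constructed sample: emails signed at these offsets (seconds) from login.
uses="0 3000 6000 9000 30000 90000"
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '   default-cache-ttl 86400\n' > "$tmp/only-default.conf"
printf '   default-cache-ttl 86400\n   max-cache-ttl 86400\n' > "$tmp/both.conf"
echo "only default-cache-ttl: $(prompt_times "$tmp/only-default.conf" $uses)"
echo "both lines:             $(prompt_times "$tmp/both.conf" $uses)"
```

With only the first line the cap still expires the entry after two hours of continuous use; with both lines the prompt comes back once 86400 seconds have passed since the passphrase was typed, however often the key is used. On GnuPG 2.x, gpgconf --reload gpg-agent makes a running agent re-read the file.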

Comments

2009-03-21 11:28:25 by Zachary Beane

Sorry to hear you're leaving before ILC 09. I'm coming down tomorrow morning!
