20

As far as I know, gnome-keyring-daemon caches passphrases for keys by default until I log out. I would like to set the default to something like "cache for 10 minutes". How can I do that in Ubuntu 12.04 Precise?

Thanks a lot!

  • 2
    I found related options in `gsettings` under `org.gnome.crypto.cache`. Unfortunately these do not seem to have any effect. Probably this is due to this bug, for which the fixes apparently were never merged into Ubuntu (https://bugzilla.gnome.org/show_bug.cgi?id=681081) – Karl Frisk Oct 13 '13 at 11:44
  • OK, the last comment is only true for SSH-keys. For GPG the settings work as expected. – Karl Frisk Oct 13 '13 at 11:56

1 Answer

24
  • Launch dconf-editor.
  • Navigate to desktop - gnome - crypto - cache.
  • Change gpg-cache-method to idle or timeout.
  • Change gpg-cache-ttl to the number of seconds you want the passphrase to be cached.
  • Restart the gnome-keyring daemon: $ gnome-keyring-daemon -r

idle means that the timer is reset each time you use the key before timeout is reached. timeout means that simply the time elapsed since entering the passphrase is considered.

This only works for GPG-keys. Passphrases for SSH-keys are still cached until the end of the session. IMHO this is a bug.

  • 1
    I did what you suggested and it made no difference. The system remembers the passphrase regardless and decryption follows. This is a serious security issue. I am surprised nobody has raised a red flag. –  Jul 12 '17 at 19:57
  • 2
    I'm struggling with this problem under Ubuntu 18.03. I used dconf-editor to change to timeout and use 1 second. I reset the keyring and immediately after I had to use the password for my PGP key. However, once entered, the password gets cached again. It survives a reboot/logout. Very frustrating! – Linter Aug 10 '18 at 12:41
  • If I'm not mistaken, the command line equivalent is: gsettings set org.gnome.crypto.cache gpg-cache-method 'timeout', gsettings set org.gnome.crypto.cache gpg-cache-ttl 300, gnome-keyring-daemon -r. – Flux Mar 09 '21 at 09:35
  • I also agree that caching credentials forever (not the session, in my case; I don't know how to change this) doesn't make sense for a tool which is made to increase security. I created a workaround for it – deFreitas Jan 28 '23 at 21:50
  • Does someone know about session as a value for gpg-cache-method? – HugoPoi Jun 14 '23 at 12:37
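
The dconf-editor steps from the answer, using the gsettings commands quoted in the comments, as a script that reads both keys back so that a setting which did not stick is reported instead of assumed. This is an added example, not part of the original posts; the function names, the script name in the usage line and the `GSETTINGS` override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: set the gnome-keyring GPG passphrase cache policy and verify it.
# Per the answer this affects GPG keys only, not SSH keys.
SCHEMA=org.gnome.crypto.cache
GSETTINGS=${GSETTINGS:-gsettings}   # assumption: override hook for dry runs

# validate_policy METHOD TTL: accept only the two methods the answer names
# and a plain decimal number of seconds.
validate_policy() {
    case "$1" in
        idle|timeout) ;;
        *) echo "method must be idle or timeout, got '$1'" >&2; return 2 ;;
    esac
    case "$2" in
        ''|*[!0-9]*|0?*) echo "ttl must be whole seconds, got '$2'" >&2; return 2 ;;
    esac
}

# read_key KEY: print the stored value without gsettings' quotes or type prefix.
read_key() {
    "$GSETTINGS" get "$SCHEMA" "$1" | sed -e "s/^uint32 //" -e "s/^'//" -e "s/'\$//"
}

# apply_gpg_cache_policy METHOD TTL: write both keys, then read them back.
# Returns 2 on bad input, 1 if a write fails, 3 if the stored values differ.
apply_gpg_cache_policy() {
    validate_policy "$1" "$2" || return 2
    "$GSETTINGS" set "$SCHEMA" gpg-cache-method "$1" || return 1
    "$GSETTINGS" set "$SCHEMA" gpg-cache-ttl "$2" || return 1
    got_method=$(read_key gpg-cache-method)
    got_ttl=$(read_key gpg-cache-ttl)
    if [ "$got_method" != "$1" ] || [ "$got_ttl" != "$2" ]; then
        echo "readback mismatch: method='$got_method' ttl='$got_ttl'" >&2
        return 3
    fi
    echo "gpg-cache-method=$got_method gpg-cache-ttl=$got_ttl"
}

# Usage: ./set-gpg-cache.sh timeout 600   (10 minutes, as in the question)
if [ "$#" -eq 2 ]; then
    # The daemon is restarted only after the settings are confirmed.
    apply_gpg_cache_policy "$1" "$2" && gnome-keyring-daemon -r
fi
```

A successful readback only shows that the values were stored; whether the daemon honours them still has to be checked by using the key again after the TTL has passed.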