On Tue, 25 Jul 2017 22:30, mar...@gmx.com said:

> I've been trying to understand gpg-agent cache behavior in the presence
> of two distinct keys with the same passphrase. Namely, why is it that it
> only asks for the passphrase once, regardless of the key being used?

There is a kludge in gpg and gpg-agent described in this comment:

      /* The standard use of GPG keys is to have a signing and an
         encryption subkey.  Commonly both use the same
         passphrase.  We try to help the user to enter the
         passphrase only once by silently trying the last
         correctly entered passphrase.  Checking one additional
         passphrase should be acceptable; despite the S2K
         introduced delays. The assumed workflow is:

           1. Read encrypted message in a MUA and thus enter a
              passphrase for the encryption subkey.

           2. Reply to that mail with an encrypted and signed
              mail, thus entering the passphrase for the signing
              subkey.

         We can often avoid the passphrase entry in the second
         step.  We do this only in normal mode, so not to
         interfere with unrelated cache entries.  */

"normal mode" is one of the cache classes we have in gpg-agent.  This
one is for unprotecting gpg or gpgsm keys.

If you want to follow what is going on, you may add

  verbose
  debug ipc,cache
  log-file socket://

into gpg-agent.conf, restart the agent and run

  watchgnupg --force --time-only $(gpgconf --list-dirs socketdir)/S.log

on another tty.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
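
The behavior described in the quoted comment, as a simplified model added here for illustration; it is not GnuPG's code and not part of the original message. The class names, the "other" mode label, and PBKDF2 as a stand-in for the S2K step are all assumptions.

```python
import hashlib, hmac, os

def s2k(passphrase, salt):
    # Assumption: PBKDF2 stands in for OpenPGP S2K (a deliberately slow KDF).
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 50_000)

class ProtectedKey:
    """Constructed stand-in for a passphrase-protected secret (sub)key."""
    def __init__(self, keygrip, passphrase):
        self.keygrip = keygrip
        self.salt = os.urandom(16)
        self._check = s2k(passphrase, self.salt)

    def unprotect(self, passphrase):
        return hmac.compare_digest(s2k(passphrase, self.salt), self._check)

class AgentModel:
    """Hypothetical model of the agent's per-key cache plus the kludge."""
    def __init__(self, ask):
        self.ask = ask        # callback standing in for the pinentry prompt
        self.cache = {}       # (mode, keygrip) -> passphrase
        self.last = None      # last correctly entered passphrase, normal mode
        self.prompts = 0

    def unlock(self, key, mode="normal"):
        """Return how the key was unlocked: 'cache', 'last' or 'prompt'."""
        pw = self.cache.get((mode, key.keygrip))
        if pw is not None and key.unprotect(pw):
            return "cache"
        # The kludge: exactly one extra silent try, and only in normal mode.
        if mode == "normal" and self.last is not None and key.unprotect(self.last):
            self.cache[(mode, key.keygrip)] = self.last
            return "last"
        self.prompts += 1
        pw = self.ask(key.keygrip)
        if not key.unprotect(pw):
            raise ValueError("bad passphrase")
        self.cache[(mode, key.keygrip)] = pw
        if mode == "normal":
            self.last = pw
        return "prompt"

def demo():
    # Constructed sample: two subkeys share a passphrase, a third key does not.
    answers = {"ENC": "same pw", "SIG": "same pw", "OTHER": "different pw"}
    agent = AgentModel(answers.__getitem__)
    keys = [ProtectedKey(grip, pw) for grip, pw in answers.items()]
    return [agent.unlock(k) for k in keys + keys[:1]], agent.prompts
```

In this model `demo()` shows the second subkey unlocking with no prompt, while the key with a different passphrase still prompts, and a request outside normal mode never gets the silent retry.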