Re: Timeout when signing

2021-03-19 Thread Werner Koch via Gnupg-users
On Thu, 18 Mar 2021 13:57, Nick Cripps said:

> I'm trying to encrypt and sign a large file. It takes a while to do this,
> and I then do other things while this is happening. It then completes and
> presumably asks me for my key passphrase, but I miss this and it times out,

I know this problem but there is no good solution for this.  We could
hack around it for on-disk keys but as soon as a smartcard is used, that
smartcard may want a PIN in any case and thus any delayed cache expiring
won't help.

> How can I configure this timeout?

Put

    pinentry-timeout 3600

into gpg.agent.conf for a one hour timeout:

    This option asks the Pinentry to timeout after n seconds with no
    user input.  The default value of 0 does not ask the pinentry to
    timeout, however a Pinentry may use its own default timeout value
    in this case.  A Pinentry may or may not honor this request.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Timeout when signing

2021-03-18 Thread Ángel
On 2021-03-18 at 13:57 +, Nick Cripps via Gnupg-users wrote:
> Hi,
> 
> I'm trying to encrypt and sign a large file. It takes a while to do
> this, and I then do other things while this is happening. It then
> completes and presumably asks me for my key passphrase, but I miss
> this and it times out, so all I see is the following error message:
> 
> gpg: signing failed: Timeout
> gpg: file.gz: sign+encrypt failed: Timeout
> 
> I guess that it is actually pinentry that times out, and gpg just
> passes on the error from pinentry? 
> 
> How can I configure this timeout? 
> 
> My /usr/bin/pinentry on my (Gentoo) system is a symlink to
> /usr/bin/pinentry-gtk-2, but since I am doing this over SSH without X
> forwarding, and it is working fine (and asking me in a curses based
> interface), I don't think pinentry-gtk-2 is actually the pinentry
> program being used, but I don't really understand how this works TBH.
> I do know that Gentoo uses Gentoo's eselect utility to manage the
> /usr/bin/pinentry symlink, but it seems like gpg is smart enough to
> use the appropriate version if this isn't appropriate, somehow. Can
> anyone explain this, or point me to where it is explained?
> 
> Many thanks in advance.
> 
> Kind regards,
> Nick

What are your caching preferences? I would first sign an empty/dummy
file, so it asks for the passphrase and unlocks the private key, then
perform the real operation (which will hopefully not require your
input).

Kind regards
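
The two suggestions in this thread (a longer pinentry-timeout, and signing an empty input first so the passphrase is cached before the long job) can be combined as below; this is an added example, not part of either reply. The function names, the config path under `${GNUPGHOME:-$HOME/.gnupg}` (gpg-agent reads its options from `gpg-agent.conf` there) and the `default-cache-ttl` value are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Set KEY to VALUE in an agent config file, replacing any existing line for
# KEY so repeated runs do not pile up duplicates. Other lines are preserved.
set_agent_option() {
    conf=$1 key=$2 value=$3
    touch "$conf"
    tmp=$(mktemp "${conf}.XXXXXX")      # created mode 0600, same directory
    grep -v -E "^[[:space:]]*${key}([[:space:]]|\$)" "$conf" > "$tmp" || true
    printf '%s %s\n' "$key" "$value" >> "$tmp"
    mv "$tmp" "$conf"
}

# Apply the timeout from the reply above, plus a cache lifetime long enough
# to cover the job (assumed value). The trade-off: the key stays unlocked in
# the agent for that window, so pick the shortest value that fits the job.
configure_agent() {
    agent_conf="${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf"
    set_agent_option "$agent_conf" pinentry-timeout 3600
    set_agent_option "$agent_conf" default-cache-ttl 3600
    gpgconf --reload gpg-agent          # make the running agent re-read it
}

# Sign empty input first so pinentry prompts immediately, then run the long
# sign+encrypt, which reuses the cached passphrase. As noted in the thread,
# a smartcard may still ask for its PIN regardless of the cache.
sign_encrypt_primed() {
    signer=$1 recipient=$2 file=$3
    gpg --local-user "$signer" --sign </dev/null >/dev/null
    gpg --local-user "$signer" --recipient "$recipient" --sign --encrypt "$file"
}

# Usage (key ids and file name are placeholders):
#   configure_agent
#   sign_encrypt_primed SIGNER_KEY_ID RECIPIENT_KEY_ID file.gz
```

The priming step only helps if the cache entry outlives the job: with the default `default-cache-ttl` of 600 seconds, an operation that runs longer than ten minutes before it needs the key will prompt again.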



