How To Cache GPG Passphrase In Ubuntu



I got into Debian packaging, and one of the most brutal parts was typing in the GPG secret key’s password every time I signed a package. I wasted a lot of time typing my long password.

I searched a lot for a way to cache my password for some time after I type it once. All of the results said to edit gpg-agent.conf, but none of them worked for my fresh installation of Xubuntu 16.04. I’m writing this to save you a lot of trouble.

First of all, install seahorse:

sudo apt install seahorse

Seahorse is a great application to manage your keys. I’m asking you to install seahorse as it comes with a graphical pinentry tool.

Configuring gpg-agent

Edit the file /home/username/.gnupg/gpg-agent.conf and add these two lines:

default-cache-ttl 1800
max-cache-ttl 1800

If your gpg-agent version is less than 2 (you can check it by running gpg-agent --version), add these lines instead:

default-cache-ttl 1800
maximum-cache-ttl 1800

The value is the maximum amount of time, in seconds, that the password should be cached. 1800 seconds is 30 minutes. Here are some conversions:

600 seconds = 10 minutes

1800 seconds = 30 minutes

3600 seconds = 60 minutes = 1 hour

Configure gpg

This is the secret sauce I’m going to give you that might solve your problem. This is what worked for me.

Edit the file /home/username/.gnupg/gpg.conf. If it doesn’t exist (most likely), create it. Add this line to it:

use-agent

This makes gpg use an agent to enter passwords.

Restart gpg-agent and you’re all set:

killall -q gpg-agent && gpg-agent --daemon

Now when you need to enter the password, a graphical dialog will be brought up:

Pinentry dialog for entering password to unlock GPG private key

and after you enter it, it’ll be cached according to the gpg-agent configuration file.
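
As an added example (not code from the original post), this shell script applies the gpg-agent 2.x cache settings described above without duplicating lines on repeated runs, and keeps the GnuPG directory and config file private (modes 700 and 600). The function names, the --apply argument and the use of gpgconf --reload in place of the killall restart are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): set both cache TTLs idempotently.
# Function names are hypothetical; option names are the gpg-agent 2.x ones above.

# set_option FILE KEY VALUE: drop any active "KEY ..." line, then append the new one.
set_option() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp "${file}.XXXXXX") || return 1   # mktemp creates it with mode 600
    if [ -f "$file" ]; then
        # Anchor on whitespace/end of line so default-cache-ttl-ssh is left alone.
        grep -v -E "^[[:space:]]*${key}([[:space:]]|\$)" "$file" > "$tmp" || :
    fi
    printf '%s %s\n' "$key" "$value" >> "$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$file"
}

# get_option FILE KEY: print the value of the last active line for KEY.
get_option() {
    awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

# configure_cache GNUPG_DIR TTL: write both TTLs, keep the directory private.
configure_cache() {
    dir=$1 ttl=$2
    case $ttl in
        ''|*[!0-9]*) echo "TTL must be a whole number of seconds" >&2; return 2 ;;
    esac
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    set_option "$dir/gpg-agent.conf" default-cache-ttl "$ttl" &&
    set_option "$dir/gpg-agent.conf" max-cache-ttl "$ttl"
}

# Runs only when asked to, e.g.: sh set-gpg-cache.sh --apply 1800
if [ "${1:-}" = "--apply" ]; then
    configure_cache "${GNUPGHOME:-$HOME/.gnupg}" "${2:-}" || exit 1
    # Ask a running agent to re-read its configuration, if gpgconf is available.
    if command -v gpgconf >/dev/null 2>&1; then gpgconf --reload gpg-agent; fi
fi
```

A shorter TTL narrows the window in which an unlocked session can sign with the key without the passphrase being asked for again.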