GNOME Bugzilla – Bug 792442
gnome-keyring ignores gpg-cache-method and gpg-cache-ttl
Last modified: 2021-06-18 10:40:12 UTC
Gnome-keyring seems to ignore the settings for gpg passphrase caching duration.
Steps to reproduce:
1) In dconf-editor, edit the following settings:
   - set '/desktop/gnome/crypto/cache/gpg-cache-method' to 'timeout' or 'idle';
   - set '/desktop/gnome/crypto/cache/gpg-cache-ttl' to 5 (or some other value for easy testing).
2) Restart gnome-keyring-daemon (not sure if this is needed):
   $ gnome-keyring-daemon -r
3) Invoke gpg2 or another program using gnome-keyring's gpg agent to get the private key, for instance:
   $ echo "test" | gpg --clearsign
4) If the passphrase hasn't yet been cached, gnome-keyring asks for the passphrase. If it has, it won't ask for the passphrase even if the key was last used more than 'gpg-cache-ttl' seconds ago.
I would regard this as a security issue, because with these settings set, the user expects the pgp key to be protected with a passphrase 5 minutes after last use (the default 'gpg-cache-ttl'), when in fact it isn't, and the user is unaware.
Correction: I was using "gpg2 --clearsign", because gpg couldn't access the agent for some reason: "gpg: gpg-agent is not available in this session".
Okay, so it appears that these settings are irrelevant, since gnome-keyring is not even involved with gpg anymore, since the gpg-agent component has been removed from gnome-keyring (which is a good thing): https://github.com/GNOME/gnome-keyring/commit/a8862f74aaed5ac7ea7b3d72984ddd9c40febd34 Maybe these settings should be removed then?
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org. As part of that, we are mass-closing older open tickets in bugzilla.gnome.org which have not seen updates for a longer time (resources are unfortunately quite limited so not every ticket can get handled). If you can still reproduce the situation described in this ticket in a recent and supported software version, then please follow https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines and create a new ticket at https://gitlab.gnome.org/GNOME/gnome-keyring/-/issues/ Thank you for your understanding and your help.