Thanks! On Mon, 29 Jan 2018 at 05:29 Noam Postavsky wrote: > John Williams writes: > > > I encrypted a file using Easy PG. When I did so, I specified a pass > > phrase via a window manager pop-up dialog and checked the option to > > save the pass phrase in the "keyring". I am using GNOME, so I assumed > > that the "keyring" in question was Seahorse. > > > > I opened the file again and was not prompted for the pass phrase. I > > was happy. I rebooted to see if the cache was ephemeral, and lo, it > > was not. I was happy. > > > > A few days later, I attempted to open the file again, and was prompted > > for the password. I had forgotten it, and now there is no way to > > access the contents of the file. I am very sad, because the contents > > of the file are worth about $20,000 to me. > > Hmm, I don't think gpg-agent caches over reboots, so I wonder what saved > your pass phrase the first time. > > > Mea culpa. I should not have trusted software for such an important > > task without reading the manual. But after reading the manual, I find > > no mention that the pass phrase caching is ephemeral. After much > > Googling, I found out about gpg-agent and max-cache-ttl. > > > > I don't think it's reasonable to expect users to read long manuals, or > > already be experts in underlying technology, in order to use simple > > functionality. I also think the the dialog that prompts for a pass > > phrase should inform the user about default-cache-ttl and > > max-cache-ttl. > > > > I also think the dialog, and the manual, should emphasise very > > strongly that pass phrases are not cached forever. > > I somewhat feel that the term "cache" already implies temporary, but > saying it explicitly shouldn't hurt I guess. Emacs is not in control of > the dialog at all, so we cannot affect that. > > --- i/doc/misc/epa.texi > +++ w/doc/misc/epa.texi > @@ -474,7 +474,9 @@ Caching Passphrases > > Typing passphrases is a troublesome task if you frequently open and > close the same file. GnuPG and EasyPG Assistant provide mechanisms to > -remember your passphrases. However, the configuration is a bit > +remember your passphrases for a limited time. Using these, you only > +need to re-enter the passphrase occasionally. > +However, the configuration is a bit > confusing since it depends on your GnuPG installation@xref{GnuPG > version compatibility}, encryption method (symmetric or public key), > and whether or not you want to use gpg-agent. Here are some >