Asking for Passphrase
Created: 14 Jun 2012 | 8 comments
Every time I go to check my email it asks for my passphrase even if there are no encrypted messages to be descrypted and I am not signing any outgoing messages. If I do not provide it by hitting the cancel button, PGP crashes entirely and I have to run it again or my mail client doesn't get proxied.
I am running Mac OS X 10.7.4 using the Mac mail application. Is there a way to prevent PGP from asking for my passphrase unless it actually needs to use it?
Discussion Filed Under:
Comments 8 Comments • Jump to latest comment
Although not exactly want you want, you can get by with just having to enter your passphrase once, if you set PGP Options to cache your passphrase. I'm not sure it is the same for Mac users, but I have this option on the General tab of PGP Options.
If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.
Search the Knowledge Base
I dont think that is possible, there are settings to cache the passphrase for x hours, but then you're just eliminating the point of having the passphrase there.
http://www.cstl.com
It is typically not considered a security risk to have the passphrase cached while sitting in front of your computer using it - it is very quick and easy to purge the passphrase when one leaves the machine long enough to not consider the password protected screensaver sufficiently secure; or to simply enter standby for such times.
If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.
Search the Knowledge Base
Indeed, providing there are other security measures in place so somone can't just waltz up to your machine when you go to make a cup of coffee or somesuch, then having it cached is no problem, but the way I am reading the question is it seems they want to completely forget the key is unlocked and wants it unlocked all the time, because as far as I know you cannot unlock the key when an email comes in that needs to be encrypted, the key unlocks when the mail.app is open is that right?
http://www.cstl.com
The passphrase should only be requested when it is necessary to decrypt the private key, when the private key is needed for either signing or decryption. I don't believe the OP wants the private key always decrypted, but this can actually be done by not entering a passphrase when you generate the key.
If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.
Search the Knowledge Base
I realize this is completely insecure behavior and it forces me to keep my mail client closed unless I am specifically using it, something I do not like at all.
Is there a fix?
As far as I am aware this is intended behaviour, when the mail.app loads up itll want to cache the key because it doesnt know how many encrypted emails you have. I cannot think of a work-around off the top of my head, only the caching of the key.
This is something that a lot of PGP Desktop users just get used to over time...
http://www.cstl.com
I'm not optimistic this would work in your situation, but there was at least one past version of PGP that had odd behavior that was resolved by enabling passphrase caching, even if just for one second. I'd suggest you try setting passphrase caching for one second.
If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.
Search the Knowledge Base
Would you like to reply?
Login or Register to post your comment.