trezor-gpg-agent cache expiration #474
Comments
|
Or at least it might be a good idea to hint user on the cached passphrase, because if you use a different passphrase and you're not aware that you already have some previous one cached with trezor-gpg-agent, you only get "No secret key" error message, which does not exactly tell you what is the problem. |
|
The workflow when initializing or reinitializing the gpg-key with trezor is that Trezor asks me for a passphrase, then I need to confirm the gpg key twice and then (if not cached), it asks me for the passphrase again. If it's cached, it does not ask for it, but fails with "No secret key" in case the passphrase entered at the beginning is different from the one that is cached. This was the main point of confusion for me yesterday when I spent quite a lot of time until I figured out what's the problem. |
I have noticed that when I initialize gpg using trezor-gpg, the trezor-gpg-agent is running with "--cache-expiry-seconds=inf" option, which means it will keep the passphrase cached indefinitely if I understand it correctly. Which might not always be what user wants, for example if someone is switching several trezors with several different identities, or wants to use the same trezor with more than one passphrase.
At the moment, if you want to use a different passphrase, you need to kill the trezor-gpg-agent so that it won't use the cached password. Which is fine, but a possibility of specifying the cache expiration somewhere would be nice.
The text was updated successfully, but these errors were encountered: