gpg decrypts files without asking for password
Solution 1
The phrase is cached by the GPG agent.
To clear the cache, simply run:
gpg-connect-agent reloadagent /bye
The encryption is not worthless, as the cache will be cleared upon logout, and will obviously not be transmitted with the file. Gpg is primarily meant to protect data in transit, and not from the logged-in user that encrypted it.
Solution 2
The GPG agent caches keys, see the manual page of gpg(1):
--symmetric
-c
Encrypt with a symmetric cipher using a passphrase. [..] gpg
caches the passphrase used for symmetric encryption so that a decrypt
operation may not require that the user needs to enter the passphrase.
The option --no-symkey-cache can be used to disable this feature.
So to disable caching for a single invocation, use something like:
gpg -c --no-symkey-cache your-file.txt
To make this setting persistent, add the option (without --) in ~/.gnupg/gpg.conf:
no-symkey-cache
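As an added example (not part of either answer and not GnuPG's own code), the two fixes can be combined in a POSIX shell script that chooses between them by gpg version, using the 2.2.7 threshold given in the comments on this page. The function names and the `apply` argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: pick a fix for gpg's symmetric-passphrase caching by version.

# version_ge A B: succeed if dotted version A >= B (first three numeric fields).
version_ge() {
    for i in 1 2 3; do
        x=$(printf '%s.\n' "$1" | cut -d. -f"$i"); x=${x%%[!0-9]*}
        y=$(printf '%s.\n' "$2" | cut -d. -f"$i"); y=${y%%[!0-9]*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

# choose_fix VERSION: name the remedy that gpg version supports.
# 2.2.7 is the release the page's comments give for --no-symkey-cache;
# older gpg rejects the option, so it must not be written to gpg.conf there.
choose_fix() {
    if version_ge "$1" 2.2.7; then echo no-symkey-cache; else echo reloadagent; fi
}

# disable_symkey_cache CONF: add "no-symkey-cache" to CONF once (idempotent).
disable_symkey_cache() {
    conf=$1
    if [ -f "$conf" ] && grep -Eq '^[[:space:]]*no-symkey-cache[[:space:]]*$' "$conf"; then
        return 0
    fi
    mkdir -p -m 700 "$(dirname "$conf")"
    # Do not glue the option onto an unterminated last line.
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then printf '\n' >> "$conf"; fi
    printf 'no-symkey-cache\n' >> "$conf"
}

main() {
    ver=$(gpg --version | sed -n '1s/.* \([0-9][0-9.]*\).*/\1/p')
    case $(choose_fix "$ver") in
        no-symkey-cache) disable_symkey_cache "${GNUPGHOME:-$HOME/.gnupg}/gpg.conf" ;;
        reloadagent) echo "gpg $ver: option unavailable, only flushing the agent" >&2 ;;
    esac
    # Either way, drop what the agent has cached right now.
    gpg-connect-agent reloadagent /bye
}

# Changes are made only on "sh script.sh apply"; otherwise just define functions.
if [ "${1:-}" = "apply" ]; then main; fi
```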
JothamB
Updated on September 18, 2022
Comments
-
JothamB over 1 year
I run gpg -c file. It asks for a password (twice) and creates an encrypted file. So far so good.
When I run gpg file.gpg to decrypt the file, it decrypts it without asking for the password! Needless to say, this "encryption" is totally worthless.
The gpg encryption, in gnome as well as in the command line, was working just fine for a while and simply broke at one moment and I don't know what I did or what happened.
How to fix it?
-
JothamB about 5 years
I tried but it's not working: gpg: invalid option "--no-symkey-cache"
-
wisbucky over 4 years
--no-symkey-cache was added in gpg 2.2.7. You'll need Ubuntu 18.10 or later to have that option.