gpg decrypts files without asking for password

The phrase is cached by the GPG agent.

To clear the cache simply run

gpg-connect-agent reloadagent /bye

The encryption is not worthless, as the cache will be cleared upon logout, and will obviously not be transmitted with the file. Gpg is primarily meant to protect data in transit, and not from the logged-in user that encrypted it.

The GPG agent caches keys, see the manual page of gpg(1):

--symmetric
 -c
        Encrypt with a symmetric cipher using a passphrase. [..]  gpg
        caches the passphrase used for symmetric encryption so that a decrypt
        operation may not require that the user needs to enter the passphrase.
        The option --no-symkey-cache can be used to disable this feature.

So to disable caching for a single invocation, use something like:

gpg -c --no-symkey-cache your-file.txt

To make this setting persistent, add the option (without --) in ~/.gnupg/gpg.conf:

no-symkey-cache

gpg decrypts files without asking for password

Tags:

Encryption

Gnupg

Related

Recent Posts