John Williams <johnfrombluff@gmail.com> writes:
> I encrypted a file using Easy PG. When I did so, I specified a pass
> phrase via a window manager pop-up dialog and checked the option to
> save the pass phrase in the "keyring". I am using GNOME, so I assumed
> that the "keyring" in question was Seahorse.
>
> I opened the file again and was not prompted for the pass phrase. I
> was happy. I rebooted to see if the cache was ephemeral, and lo, it
> was not. I was happy.
>
> A few days later, I attempted to open the file again, and was prompted
> for the password. I had forgotten it, and now there is no way to
> access the contents of the file. I am very sad, because the contents
> of the file are worth about $20,000 to me.
Hmm, I don't think gpg-agent caches over reboots, so I wonder what saved
your pass phrase the first time.
> Mea culpa. I should not have trusted software for such an important
> task without reading the manual. But after reading the manual, I find
> no mention that the pass phrase caching is ephemeral. After much
> Googling, I found out about gpg-agent and max-cache-ttl.
>
> I don't think it's reasonable to expect users to read long manuals, or
> already be experts in underlying technology, in order to use simple
> functionality. I also think the the dialog that prompts for a pass
> phrase should inform the user about default-cache-ttl and
> max-cache-ttl.
>
> I also think the dialog, and the manual, should emphasise very
> strongly that pass phrases are not cached forever.
I somewhat feel that the term "cache" already implies temporary, but
saying it explicitly shouldn't hurt I guess. Emacs is not in control of
the dialog at all, so we cannot affect that.
--- i/doc/misc/epa.texi
+++ w/doc/misc/epa.texi
@@ -474,7 +474,9 @@ Caching Passphrases
Typing passphrases is a troublesome task if you frequently open and
close the same file. GnuPG and EasyPG Assistant provide mechanisms to
-remember your passphrases. However, the configuration is a bit
+remember your passphrases for a limited time. Using these, you only
+need to re-enter the passphrase occasionally.
+However, the configuration is a bit
confusing since it depends on your GnuPG installation@xref{GnuPG
version compatibility}, encryption method (symmetric or public key),
and whether or not you want to use gpg-agent. Here are some