gpg decrypts files without asking for password

I run gpg -c file. It asks for a password (twice) and creates an encrypted file. So far so good.

When I run gpg file.gpg to decrypt the file it decrypts it without asking for the password ! needless to say, this "encryption" is totally worthless.

The gpg encryption, in gnome as well as in the command line, was working just fine for a while and simply broke at one moment and I don't know what I did or what happened.

How to fix it ?


The phrase is cached by the GPG agent.

To clear the cache simply run

gpg-connect-agent reloadagent /bye

The encryption is not worthless, as the cache will be cleared upon logout, and will obviously not be transmitted with the file. Gpg is primarily meant to protect data in transit, and not from the logged-in user that encrypted it.


The GPG agent caches keys, see the manual page of gpg(1):

--symmetric
 -c
        Encrypt with a symmetric cipher using a passphrase. [..]  gpg
        caches the passphrase used for symmetric encryption so that a decrypt
        operation may not require that the user needs to enter the passphrase.
        The option --no-symkey-cache can be used to disable this feature.

So to disable caching for a single invocation, use something like:

gpg -c --no-symkey-cache your-file.txt

To make this setting persistent, add the option (without --) in ~/.gnupg/gpg.conf:

no-symkey-cache