force gpg-agent to forget password
The TTL for cached passwords is controlled by gpg-agent's options:
--default-cache-ttl n
Set the time a cache entry is valid to n seconds. The default is 600 seconds.
--max-cache-ttl n
Set the maximum time a cache entry is valid to n seconds. After
this time a cache entry will be expired even if it has been accessed
recently. The default is 2 hours (7200 seconds).
As for a way to control this on demand: if you are able to trigger a command upon locking your screen, using keychain to handle gpg-agent could be used to execute
keychain --clear --agents gpg
which would kill all managed instances of gpg-agent.
But then you should have a way to execute keychain --agents gpg --eval $gpg upon unlocking your screen. Maybe too much hassle.
gpgconf --reload gpg-agent
is one way to force the agent to forget passwords it has cached in memory. Currently (gpg 2.0-2.1) this is [almost] equivalent to pkill -HUP gpg-agent. I say "almost equivalent" since you could, in theory, have more than one agent running and the pkill will try to deliver SIGHUP to all of them.
I use a simple:
echo RELOADAGENT | gpg-connect-agent
Works like a charm.
--
Edited: tested with Debian 10, gpg 2.2.12, libgcrypt 1.8.4
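The two approaches above (shorter TTLs in gpg-agent.conf, plus RELOADAGENT to drop what is already cached) combined in one POSIX shell script. This is an added example, not code from any of the answers; it assumes gpg-agent.conf lives in $GNUPGHOME (default ~/.gnupg) and that gpg-connect-agent is on PATH. The 300/1800 second values are illustrative.

```shell
#!/bin/sh
# Added example: tighten gpg-agent passphrase caching and flush it on demand.
# Assumes gpg-agent.conf in $GNUPGHOME (default ~/.gnupg); gpg-connect-agent on PATH.
set -eu

# Render the two TTL options from the gpg-agent man page excerpt above.
# $1 = default-cache-ttl (seconds), $2 = max-cache-ttl (seconds).
render_agent_conf() {
    printf 'default-cache-ttl %s\nmax-cache-ttl %s\n' "$1" "$2"
}

# Rewrite $1 (a gpg-agent.conf path) so it contains exactly one copy of each
# TTL option, keeping every unrelated line (e.g. enable-ssh-support) intact.
write_agent_conf() {
    conf="$1"; ttl="$2"; max="$3"
    tmp="$conf.tmp.$$"
    if [ -f "$conf" ]; then
        # grep exits 1 when nothing is left, which is fine for an empty file
        grep -v -e '^default-cache-ttl ' -e '^max-cache-ttl ' "$conf" > "$tmp" || true
    else
        : > "$tmp"
    fi
    render_agent_conf "$ttl" "$max" >> "$tmp"
    mv "$tmp" "$conf"
}

# Forget every cached passphrase right now without killing the agent
# (what the last answer does). Returns 1 if gpg-connect-agent is missing.
clear_agent_cache() {
    command -v gpg-connect-agent >/dev/null 2>&1 || return 1
    echo RELOADAGENT | gpg-connect-agent >/dev/null
}

# Apply a 5-minute default and a 30-minute hard cap, then reload so the
# running agent picks up the new limits and drops its current entries.
main() {
    home="${GNUPGHOME:-$HOME/.gnupg}"
    write_agent_conf "$home/gpg-agent.conf" 300 1800
    clear_agent_cache || echo "gpg-connect-agent not found; config written only" >&2
}

# Only touch the real config when explicitly asked: sh script.sh --run
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Hooking `clear_agent_cache` to your screen-lock event gives the on-demand flush the first answer describes, without the keychain kill/restart dance.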