Using GnuPG and its daemon gpg-agent

I'm using gpg-agent to remember and supply my GnuPG password when building Debian/Ubuntu packages. But I'm still confused about how gpg-agent works. I invoke gpg-agent as:

eval $(gpg-agent --daemon)

It works sometimes. But what bothers me is that sometimes it doesn't work. I.e., sometimes the building process asks for my GnuPG passwords once, sometimes none, and sometimes many times. This all happens during one single bash session, after I've invoked gpg-agent as before. Not being asked for a password this time doesn't guarantee that I won't get asked for a password next time. I still haven't figured out why gpg decides to prompt me for a password and why it doesn't.

Does it happen to you as well?

Thanks


Solution 1:

Found how to properly use gpg-agent from http://tr.opensuse.org/SDB:Using_gpg-agent

Following that, my gpg-agent daemon is caching my GnuPG passwords properly now. There was nothing wrong with my setup, just that I didn't know how to test whether my GnuPG passwords are being cached properly or not.

Now, I do:

echo "test" | gpg -ase -r 0xMYKEYID | gpg

From the site: "Replace 0xMYKEYID with your GnuPG key ID. While running this command, the agent should open a graphical password dialog twice: first for signing or encrypting (gpg -ase) then for decryption or signature check (| gpg). From now on, every time GnuPG is used (either from the command line or embedded in a graphical program such as KMail), gpg-agent's password will be passed automatically (until the time-out expires or the graphical interface is closed)."

And to avoid the caching expiration, I have now set an extremely long timeout period:

$ cat ~/.gnupg/gpg-agent.conf
max-cache-ttl 60480000
default-cache-ttl 60480000
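
As an added example (not part of the original answer), these shell functions read a gpg-agent.conf like the one above and report how long a passphrase can stay cached, checked against a limit. The function names, the 8-hour limit and the "last occurrence wins" rule are assumptions of this example; 600 and 7200 seconds are GnuPG's defaults when an option is absent.

```shell
#!/bin/sh
# Added example: audit gpg-agent passphrase cache lifetimes.
# default-cache-ttl: seconds an entry lives after its last use (timer resets on use).
# max-cache-ttl:     hard cap in seconds, however often the entry is used.

# effective_ttl FILE OPTION DEFAULT -> prints the value in effect for OPTION.
# Assumption: when an option is repeated, the last occurrence wins.
effective_ttl() {
    awk -v opt="$2" -v def="$3" '
        $1 == opt && $2 ~ /^[0-9]+$/ { def = $2 }
        END { print def }
    ' "$1"
}

# audit_agent_conf FILE LIMIT -> one line per option; returns 1 if any exceeds LIMIT.
audit_agent_conf() {
    conf=$1 limit=$2 rc=0
    for pair in default-cache-ttl:600 max-cache-ttl:7200; do
        opt=${pair%%:*}
        ttl=$(effective_ttl "$conf" "$opt" "${pair##*:}")
        if [ "$ttl" -gt "$limit" ]; then
            echo "WARN $opt=${ttl}s (~$((ttl / 86400)) days) exceeds ${limit}s"
            rc=1
        else
            echo "OK   $opt=${ttl}s"
        fi
    done
    return $rc
}

# Demo on a constructed copy of the configuration shown in the answer.
sample=$(mktemp)
cat > "$sample" <<'EOF'
max-cache-ttl 60480000
default-cache-ttl 60480000
EOF
audit_agent_conf "$sample" 28800 || true   # 28800 s = 8 h, a hypothetical policy limit
rm -f "$sample"
```

To audit the real file, call `audit_agent_conf ~/.gnupg/gpg-agent.conf 28800`; a changed configuration only takes effect after the agent reloads it, for example with `gpgconf --reload gpg-agent`.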