gpg does not ask for a password

Pie*_*e B 27 gpg

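I encrypted a file with `gpg -c <file>` and closed the terminal. After a while, I tried to decrypt it with `gpg <file>`, and it decrypted it without asking for a password. Is this normal? How can I make sure gpg asks for a password, even on my own computer?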

Ste*_*itt 24

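This is normal: `gpg` now uses `gpg-agent` to manage private keys, and the agent caches keys for a certain amount of time (by default up to two hours, with a ten-minute inactivity timeout).

To change the defaults, create or edit a file named `~/.gnupg/gpg-agent.conf`, and use the following entries:

  • `default-cache-ttl` specifies how long a cache entry is kept after it was last used, in seconds (default 600);
  • `max-cache-ttl` specifies the maximum time a cache entry is kept, in seconds (default 7200).

After changing these, you need to reload the configuration (try sending `SIGHUP` to `gpg-agent`, or kill it outright).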
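
One way to apply the settings described in the answer above, as an added example that is not part of the original answer. The helper names `set_agent_option` and `reload_agent` and the TTL values 60 and 300 are assumptions chosen for illustration, and `gpgconf --reload gpg-agent` is used in place of sending `SIGHUP` by hand.

```bash
#!/usr/bin/env bash
# Added example: tighten gpg-agent's passphrase cache, then reload the agent.
# Helper names and the TTL values below are illustrative assumptions.

# Set "key value" in a gpg-agent.conf-style file, replacing any earlier
# setting of exactly that key (default-cache-ttl-ssh is left untouched when
# the key is default-cache-ttl).
set_agent_option() {
    local conf key value tmp
    conf=$1; key=$2; value=$3
    # The GnuPG home directory must already exist (gpg creates it with 0700).
    [ -d "$(dirname "$conf")" ] || return 1
    touch "$conf"
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    # grep -v exits 1 when it outputs nothing (e.g. empty file); that is fine.
    grep -v -E "^[[:space:]]*${key}([[:space:]]|\$)" "$conf" > "$tmp" || true
    printf '%s %s\n' "$key" "$value" >> "$tmp"
    chmod 600 "$tmp"
    mv "$tmp" "$conf"
}

# Ask the running agent to re-read its configuration. gpgconf documents
# --reload as basically the same as sending SIGHUP to the component.
reload_agent() {
    if command -v gpgconf >/dev/null 2>&1; then
        gpgconf --reload gpg-agent
    else
        echo "gpgconf not found; send SIGHUP to gpg-agent instead" >&2
        return 1
    fi
}

# Touch the real configuration only when invoked with --apply.
if [ "${1:-}" = "--apply" ]; then
    conf="${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf"
    set_agent_option "$conf" default-cache-ttl 60   # sample: 1 minute idle
    set_agent_option "$conf" max-cache-ttl 300      # sample: 5 minutes total
    reload_agent
fi
```

Running the script without `--apply` only defines the functions, so they can be sourced and tried against a scratch file first.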


pts*_*pts 9

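To make gpg >=2.1 always ask for the password, use `gpg --pinentry-mode loopback`.

To make gpg >=2.2.7 always ask for the password for `--symmetric` (`-c`) encryption, use `gpg --no-symkey-cache`.

  • `--no-symkey-cache` works, but it is not in the command's help listing. Any idea why? The version is 2.2.19, Ubuntu 20-4. (2 upvotes)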

ano*_*ous 7

GnuPG 2.2.15

  --symmetric
          -c  Encrypt with a symmetric cipher using a passphrase. The default sym-
          metric cipher used is AES-128, but may be chosen with the  --cipher-algo
          option.  This command may be combined with --sign (for a signed and sym-
          metrically encrypted message), --encrypt (for  a  message  that  may  be
          decrypted  via  a  secret  key or a passphrase), or --sign and --encrypt
          together (for a signed message that may be decrypted via a secret key or
          a  passphrase).  gpg caches the passphrase used for symmetric encryption
          so that a decrypt operation may not require that the user needs to enter
          the  passphrase.   The  option  --no-symkey-cache can be used to disable
          this feature.

Use the `--no-symkey-cache` option and it will not cache your password.

  • Note that you will need [gpg 2.2.7](https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000424.html) or later. (2 upvotes)