I try to use GPG to sign files but something confuses me: If I enter in the terminal (the file I want to sign is called "checksums") it says:
$ gpg -s checksums
You need a passphrase to unlock the secret key for
user: "[my name] <[my email prefix]@gmail.com>"
4096-bit RSA key, ID C457C71D, created 2015-01-16
However, it doesn't ask me to enter my password but just does the signing process. Why is that?
GnuPG uses gpg-agent to cache your passphrase. It does require the passphrase for signing (this is a private key operation) and thus prints the message, but does not need to ask you as the passphrase was still cached. Whether and how long the cache works can be configured.

gpg-agent

gpg checks if there is a running gpg-agent (or, in newer versions, necessarily starts one). gpg-agent does (among other things) cache your passphrase for a given time.

Configuration

This time span can be configured in ~/.gnupg/gpg-agent.conf, which in my case contains a line to set the cache time to ten minutes (10*60 seconds). Further options are described in man gpg-agent; most options can also be used in gpg-agent.conf by omitting the leading --.

Because there is a gpg agent that caches your password for a period of time, if you repeatedly use gpg, you only have to enter your password the first time, and then it will be remembered and used automatically on subsequent runs.
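An added example, not taken from either answer above: a constructed gpg-agent.conf that shortens the cache, a small POSIX shell helper that reads back the timeouts the agent will use, and the commands that make a running agent pick up the change or drop its cache outright. The option names default-cache-ttl and max-cache-ttl are gpg-agent's own (see man gpg-agent); the values, temporary file and helper function names are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original answers): a shortened passphrase
# cache for gpg-agent plus a helper that reads the effective TTLs back.
# Sample values and file names below are constructed for the example.
set -eu

# gpg-agent's documented defaults (seconds) when an option is absent.
DEFAULT_CACHE_TTL=600   # idle timeout, reset every time the key is used
MAX_CACHE_TTL=7200      # hard limit, counted from when the passphrase was entered

# cache_ttl FILE OPTION
# Print the value of OPTION (default-cache-ttl or max-cache-ttl) from a
# gpg-agent.conf, ignoring comments; fall back to the built-in default
# when the file lacks the option or does not exist.
cache_ttl() {
    file=$1; opt=$2
    val=$(sed -n "s/^[[:space:]]*$opt[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p" "$file" 2>/dev/null | tail -n 1)
    if [ -n "$val" ]; then
        printf '%s\n' "$val"
    elif [ "$opt" = default-cache-ttl ]; then
        printf '%s\n' "$DEFAULT_CACHE_TTL"
    elif [ "$opt" = max-cache-ttl ]; then
        printf '%s\n' "$MAX_CACHE_TTL"
    else
        printf '%s\n' ""
    fi
}

# write_sample_conf FILE
# Write a constructed gpg-agent.conf: forget the passphrase after five
# minutes without use, and never keep it longer than an hour.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample for ~/.gnupg/gpg-agent.conf
default-cache-ttl 300
max-cache-ttl 3600
EOF
}

# reload_agent
# After editing the real ~/.gnupg/gpg-agent.conf, make the running agent
# re-read it instead of waiting for it to be restarted.
reload_agent() {
    if command -v gpg-connect-agent >/dev/null 2>&1; then
        gpg-connect-agent reloadagent /bye
    else
        echo "gpg-connect-agent not installed; nothing to reload" >&2
    fi
}

# flush_cache
# Stop the agent entirely, which discards every cached passphrase; gpg
# starts a fresh agent on the next use and will prompt again.
flush_cache() {
    if command -v gpgconf >/dev/null 2>&1; then
        gpgconf --kill gpg-agent
    else
        echo "gpgconf not installed; nothing to kill" >&2
    fi
}

tmpconf=$(mktemp)
write_sample_conf "$tmpconf"
echo "default-cache-ttl: $(cache_ttl "$tmpconf" default-cache-ttl)"
echo "max-cache-ttl:     $(cache_ttl "$tmpconf" max-cache-ttl)"
rm -f "$tmpconf"
```

default-cache-ttl is an idle timeout: every signing operation that hits the cache resets it, so with only that option a passphrase used regularly stays cached indefinitely. max-cache-ttl caps the total lifetime regardless of use. While it is cached, any process running in your session can sign with the key without a prompt, which is why short values (or a flush_cache before walking away) matter on shared or long-lived sessions.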