Passphrase cache will timeout when timeout value of zero ('0') is specified

Article ID: 157575

Products

PGP Command Line

Issue/Introduction

There are currently two methods for enabling PGP to cache passphrases for an infinite amount of time. Both require launching PGP Agent.

1.  ./pgp --cache-passphrase howard --passphrase password --passphrase-cache --passphrase-cache-timeout 0

2.   The passphrase cache can be changed in PGPprefs.xml.  You need to modify two keys (shown below).  If you set CLpassphraseCache to true and CLpassphraseCacheTimeout to 0, you can also create an infinite passphrase cache.

    <key>CLpassphraseCache</key>
    <false></false>

    <key>CLpassphraseCacheTimeout</key>
    <integer>120</integer>

It does not matter which option you use.  If you set the timeout value to '0', you will find that you can complete only 65 - 100 cryptographic operations before the passphrase is required again.

 

./pgp --decrypt %Filename%.pgp -v
pgp:decrypt (3157:current local time 2013-01-16T16:37:13+07:00)
/.pgp/pubring.pkr:open keyrings (1006:public keyring)
/.pgp/secring.skr:open keyrings (1007:private keyring)
%Filename%.pgp:decrypt (3033:no passphrase specified)
 

Resolution

Symantec Corporation is committed to product quality and satisfied customers.  This issue is currently being considered by Symantec Corporation to be addressed in a forthcoming version or Maintenance Pack of the product.  Please be sure to refer back to this document periodically as any changes to the status of the issue will be reflected here.

Workaround: Currently, if you change the value from 0 to a value like 31536000 (one full year in seconds), we have found that passphrase caching works as intended.
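
The following is an added example, not Symantec's code: a Python check that reads the two keys shown above from the text of PGPprefs.xml and, when caching is enabled with a timeout of 0, substitutes the workaround value. It assumes only the key/value form shown in the excerpt; the function names and the sample input are constructed for illustration.

```python
import re

WORKAROUND_TIMEOUT = 31536000  # one year in seconds, the value given in the workaround

# Patterns cover only the key/value form shown in the article's PGPprefs.xml excerpt.
CACHE_RE = re.compile(r"<key>CLpassphraseCache</key>\s*<(true|false)\s*(?:/>|>\s*</\1>)")
TIMEOUT_RE = re.compile(
    r"(<key>CLpassphraseCacheTimeout</key>\s*<integer>)\s*(-?\d+)\s*(</integer>)")


def read_cache_settings(prefs_text):
    """Return (cache_enabled, timeout_seconds); None for a key that is absent."""
    cache = CACHE_RE.search(prefs_text)
    timeout = TIMEOUT_RE.search(prefs_text)
    enabled = (cache.group(1) == "true") if cache else None
    seconds = int(timeout.group(2)) if timeout else None
    return enabled, seconds


def apply_workaround(prefs_text):
    """Replace a zero timeout with one year when caching is on.

    Returns (new_text, changed). Everything else in the file is left untouched.
    """
    enabled, seconds = read_cache_settings(prefs_text)
    if not (enabled and seconds == 0):
        return prefs_text, False
    new_text = TIMEOUT_RE.sub(
        lambda m: f"{m.group(1)}{WORKAROUND_TIMEOUT}{m.group(3)}", prefs_text, count=1)
    return new_text, True


# Constructed sample: the two keys from the article, set to the affected values.
SAMPLE_PREFS = """\
    <key>CLpassphraseCache</key>
    <true></true>

    <key>CLpassphraseCacheTimeout</key>
    <integer>0</integer>
"""

if __name__ == "__main__":
    print("before:", read_cache_settings(SAMPLE_PREFS))
    fixed, changed = apply_workaround(SAMPLE_PREFS)
    print("changed:", changed, "after:", read_cache_settings(fixed))
```

Run it against a copy of the preferences file and compare the result before replacing the original.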

 


Applies To

This problem occurs on all supported operating systems on which PGP Command Line can be installed.

For a full list, please see your user guide. The latest user guide for PGP Command Line can be found here:  http://www.symantec.com/docs/DOC6232