Linux Blog


Section: GNU Privacy Guard (1)
Updated: 2007-12-03
Index Return to Main Contents


gpg-preset-passphrase - Put a passphrase into gpg-agent's cache  


gpg-preset-passphrase [options] [command] keygrip



The gpg-preset-passphrase is a utility to seed the internal cache of a running gpg-agent with passphrases. It is mainly useful for unattended machines, where the usual pinentry tool may not be used and the passphrases for the to be used keys are given at machine startup.

Passphrases set with this utility don't expire unless the --forget option is used to explicitly clear them from the cache --- or gpg-agent is either restarted or reloaded (by sending a SIGHUP to it). It is necessary to allow this passphrase presetting by starting gpg-agent with the --allow-preset-passphrase.

gpg-preset-passphrase is invoked this way:

gpg-preset-passphrase [options] [command] keygrip

keygrip is a 40 character string of hexadecimal characters identifying the key for which the passphrase should be set or cleared. This keygrip is listed along with the key when running the command: gpgsm --dump-secret-keys. One of the following command options must be given:

Preset a passphrase. This is what you usually will use. gpg-preset-passphrase will then read the passphrase from stdin.

Flush the passphrase for the given keygrip from the cache.

The following additional options may be used:

Output additional information while running.

-P string
--passphrase string
Instead of reading the passphrase from stdin, use the supplied string as passphrase. Note that this makes the passphrase visible for other users.



gpg(1), gpgsm(1), gpg-agent(1), scdaemon(1)

The full documentation for this tool is maintained as a Texinfo manual. If GnuPG and the info program are properly installed at your site, the command

info gnupg

should give you access to the complete manual including a menu structure and an index.