Timeout when signing

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Timeout when signing

GnuPG - User mailing list
Hi,

I'm trying to encrypt and sign a large file. It takes a while to do this, and I then do other things while this is happening. It then completes and presumably asks me for my key passphrase, but I miss this and it times out, so all I see is the following error message:

gpg: signing failed: Timeout
gpg: file.gz: sign+encrypt failed: Timeout

I guess that it is actually pinentry that times out, and gpg just passes on the error from pinentry?

How can I configure this timeout?

My /usr/bin/pinentry on my (Gentoo) system is a symlink to /usr/bin/pinentry-gtk-2, but since I am doing this over SSH without X forwarding, and it is working fine (and asking me in a curses based interface), I don't think pinentry-gtk-2 is actually the pinentry program being used, but I don't really understand how this works TBH. I do know that Gentoo uses Gentoo's eselect utility to manage the /usr/bin/pinentry symlink, but it seems like gpg is smart enough to use the appropriate version if this isn't appropriate, somehow. Can anyone explain this, or point me to where it is explained?

Many thanks in advance.

Kind regards,
Nick

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: Timeout when signing

Ángel
On 2021-03-18 at 13:57 +0000, Nick Cripps via Gnupg-users wrote:

> Hi,
>
> I'm trying to encrypt and sign a large file. It takes a while to do
> this, and I then do other things while this is happening. It then
> completes and presumably asks me for my key passphrase, but I miss
> this and it times out, so all I see is the following error message:
>
> gpg: signing failed: Timeout
> gpg: file.gz: sign+encrypt failed: Timeout
>
> I guess that it is actually pinentry that times out, and gpg just
> passes on the error from pinentry?
>
> How can I configure this timeout?
>
> My /usr/bin/pinentry on my (Gentoo) system is a symlink to
> /usr/bin/pinentry-gtk-2, but since I am doing this over SSH without X
> forwarding, and it is working fine (and asking me in a curses based
> interface), I don't think pinentry-gtk-2 is actually the pinentry
> program being used, but I don't really understand how this works TBH.
> I do know that Gentoo uses Gentoo's eselect utility to manage the
> /usr/bin/pinentry symlink, but it seems like gpg is smart enough to
> use the appropriate version if this isn't appropriate, somehow. Can
> anyone explain this, or point me to where it is explained?
>
> Many thanks in advance.
>
> Kind regards,
> Nick

What are your caching preferences? I would first sign an empty/ummy
file, so it asks for the passphrase and unlocks the private key, then
perform the real operation (which will hopefully not require your
input).

Kind regards




_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: Timeout when signing

GnuPG - User mailing list
In reply to this post by GnuPG - User mailing list
On Thu, 18 Mar 2021 13:57, Nick Cripps said:

> I'm trying to encrypt and sign a large file. It takes a while to do this,
> and I then do other things while this is happening. It then completes and
> presumably asks me for my key passphrase, but I miss this and it times out,

I know this problem but there is no good solution for this.  We could
hack around it for on-disk keys but as soon as a smartcard is used, that
smartcard may want a PIN in any case and thus any delayed cache expiring
won't help.

> How can I configure this timeout?

Put

pinentry-timeout 3600

into gpg.agent.conf for a one hour timeout:

    This option asks the Pinentry to timeout after n seconds with no
    user input.  The default value of 0 does not ask the pinentry to
    timeout, however a Pinentry may use its own default timeout value
    in this case.  A Pinentry may or may not honor this request.


Salam-Shalom,

   Werner

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

signature.asc (233 bytes) Download Attachment