macOS pinentry remove saved password


GnuPG - User mailing list
Hi,

The default behaviour of the pinentry app (on macOS at least) is to have the option "save password in Keychain" automatically selected.

I have to deselect this every time I use a specific GPG key where I don't want the password saved in the macOS Keychain. Unfortunately it seems I neglected to do this one time and so now it has been stored in the Keychain.

I would like to remove it from the Keychain but it seems I can't find the gpg key listed in the macOS Keychain application and so I'm not sure how to remove it so that pinentry will again start asking me for the password for that particular gpg key.

Any help would be appreciated.

Thanks.

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: macOS pinentry remove saved password

GnuPG - User mailing list
Hi,

The key is listed in the login keychain.  It uses the name and one of the associated numbers - It is the fifth element in --with-key-data but I don’t recognize it.

This default for pin entry is … frustrating.

Regards,

bex 
On Mar 16, 2021, 12:05 PM +0100, Mark McDonnell via Gnupg-users <[hidden email]>, wrote:
Hi,

The default behaviour of the pinentry app (on macOS at least) is to have the option "save password in Keychain" automatically selected.

I have to deselect this every time I use a specific GPG key where I don't want the password saved in the macOS Keychain. Unfortunately it seems I neglected to do this one time and so now it has been stored in the Keychain.

I would like to remove it from the Keychain but it seems I can't find the gpg key listed in the macOS Keychain application and so I'm not sure how to remove it so that pinentry will again start asking me for the password for that particular gpg key.

Any help would be appreciated.

Thanks.

Re: macOS pinentry remove saved password

GnuPG - User mailing list
Ah, ok cool think I found it. 

Thanks bex.

It would be great if users could configure the default as it feels dangerous to default to saving the passphrase.

On Tue, Mar 16, 2021 at 11:41 AM <[hidden email]> wrote:
Hi,

The key is listed in the login keychain.  It uses the name and one of the associated numbers - It is the fifth element in --with-key-data but I don’t recognize it.

This default for pin entry is … frustrating.

Regards,

bex 
On Mar 16, 2021, 12:05 PM +0100, Mark McDonnell via Gnupg-users <[hidden email]>, wrote:
Hi,

The default behaviour of the pinentry app (on macOS at least) is to have the option "save password in Keychain" automatically selected.

I have to deselect this every time I use a specific GPG key where I don't want the password saved in the macOS Keychain. Unfortunately it seems I neglected to do this one time and so now it has been stored in the Keychain.

I would like to remove it from the Keychain but it seems I can't find the gpg key listed in the macOS Keychain application and so I'm not sure how to remove it so that pinentry will again start asking me for the password for that particular gpg key.

Any help would be appreciated.

Thanks.

Re: macOS pinentry remove saved password

Klaus Ethgen
Hi,

On Tue, 16 Mar 2021 at 17:19, Mark McDonnell via Gnupg-users wrote:
> It would be great if users could configure the default as it feels
> dangerous to default to saving the passphrase.

I believe it is the "no-allow-external-cache" option.

I had the same on Linux with the shitty gnome PW manager. It might be the
same option on mac.

Regards
   Klaus
--
Klaus Ethgen                                       http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen <[hidden email]>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


Re: macOS pinentry remove saved password

GnuPG - User mailing list
On Tue, 16 Mar 2021 20:34, Klaus Ethgen said:

> I believe it is the "no-allow-external-cache" option.

Right, but I am not sure about the macOS pinentry; in particular if it
is closely based on the standard pinentry code base or does its own
thing.  Any pointer to that pinentry?


Salam-Shalom,

   Werner

--
Thoughts are free.  Exceptions are regulated by a federal law.


Re: macOS pinentry remove saved password

Lukas Pitschl | GPGTools
On 16.03.2021 at 17:19, Mark McDonnell via Gnupg-users <[hidden email]> wrote:

> It would be great if users could configure the default as it feels dangerous to default to saving the passphrase.

That is possible by running the following command:

    defaults write org.gpgtools.common UseKeychain -bool NO

To remove any saved passwords from macOS Keychain, search
for GnuPG to find them.

The folks of homebrew are using our version of pinentry which is
based off the standard pinentry, but adds the possibility to store passphrases
for GnuPG keys in macOS Keychain. For our version of GnuPG it should default
to on, but we also provide a macOS preference pane to change the default.
As such a preference pane is not available for homebrew users, we have
brought this issue up with them but they have not reacted.

Best,

Lukas
GPGTools
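
The two settings named in this thread, applied from a shell; this is an added example, not part of the original posts and not GPGTools code. It assumes the GnuPG home is `~/.gnupg` (or `$GNUPGHOME`) and that pinentry-mac stores passphrases as generic-password items with the service name `GnuPG`; the thread does not confirm that the macOS pinentry honours `no-allow-external-cache`.

```shell
#!/bin/sh
# Added example. Assumptions: GnuPG home is ~/.gnupg or $GNUPGHOME, and the
# Keychain items use the service name "GnuPG".

# Ensure an active "no-allow-external-cache" line exists in the given
# gpg-agent.conf. Prints "present" or "added"; commented-out lines do not count.
ensure_no_external_cache() {
    agent_conf=$1
    mkdir -p "$(dirname "$agent_conf")" && touch "$agent_conf" || return 1
    if grep -Eq '^[[:space:]]*no-allow-external-cache[[:space:]]*$' "$agent_conf"; then
        echo present
        return 0
    fi
    # Do not glue the option onto a last line that lacks a trailing newline.
    if [ -s "$agent_conf" ] && [ -n "$(tail -c 1 "$agent_conf")" ]; then
        echo >>"$agent_conf"
    fi
    printf '%s\n' 'no-allow-external-cache' >>"$agent_conf"
    echo added
}

# Turn off the pinentry-mac "save in Keychain" default (command from the thread).
disable_keychain_default() {
    command -v defaults >/dev/null 2>&1 || { echo skipped; return 0; }
    defaults write org.gpgtools.common UseKeychain -bool NO && echo disabled
}

# Show the first saved item, attributes only (no -g/-w, so no secret is printed).
show_saved_passphrase_item() {
    command -v security >/dev/null 2>&1 || { echo skipped; return 0; }
    security find-generic-password -s GnuPG 2>/dev/null || echo "none found"
}

# Run only on request, so sourcing this file changes nothing.
if [ "${1:-}" = "--apply" ]; then
    ensure_no_external_cache "${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf"
    disable_keychain_default
    show_saved_passphrase_item
    # Restart the agent so the new option is read.
    if command -v gpgconf >/dev/null 2>&1; then
        gpgconf --kill gpg-agent
    fi
fi
```

Items that are found can be deleted in Keychain Access, or one matching item per call with `security delete-generic-password -s GnuPG`.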
